Sep 06, 2019

PHP sessions tutorial

A session variable is a special kind of global variable in PHP. We can use sessions to share variables with the other PHP scripts of the application while the session is active. Sessions are often used to build login mechanisms in web applications: when we want to give special permissions to authenticated people, we can add a login page and ask for login credentials. Consider the following example. A web application has a login page called login.php. After a user logs in successfully, it creates a session variable called 'logged_in' and assigns the value true to it. It then redirects the user to another page called profile.php. In profile.php we check the logged_in session variable: if it is set and its value is true, we know the HTTP request is from an authenticated user. If a non-authenticated user requests profile.php, we can either show an error message or redirect them to the login page.
// session_start() must already have been called on this page
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) {
   echo 'you have logged in!';
}
I think you understand the usage of sessions. A session variable only lasts until the browser window is closed. So if we want to keep sessions for a long time, we can combine sessions with cookies. That is how services like Facebook and Google remember our logins. Let's see how we can use sessions in our PHP pages. The first thing to do is start the PHP session. We can use the session_start() function for that. You have to put it before any HTML tags in your PHP file. After that we can assign values to session variables. Here is an example.
session_start();
$_SESSION['name'] = 'Jhone';
After assigning them, we can use them, and not only in the same PHP page. We can use these variables in any PHP script of the application. If the script has not started the session yet, it needs to call session_start() first.
<?php
session_start();
echo $_SESSION['name'];
?>
Do you know what happens when we log out of a web application, or simply remove a session? How can we remove a session? There are two functions for this: session_unset() and session_destroy().

session_unset() removes all session variables. session_destroy() erases the current session. So there are many things we can do with sessions other than making a login system. For example, when we want to send messages from one PHP page to another, we can use session variables instead of GET parameters. So guys, that's all for this tutorial. I hope you learned something new. Just leave a comment if anything is unclear. Thanks for reading.
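
The login, access check and logout steps described in this tutorial, gathered into one file as an added example (not code from the original post). The function names and the $users array are hypothetical, and it assumes PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example, not the tutorial's code. Function names and $users are hypothetical.
function start_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Session cookie: ends with the browser, HTTPS only, hidden from JavaScript.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user, string $password, array $users): bool {
    start_session();
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    // Issue a fresh session ID at login so an ID known before login stops working.
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    $_SESSION['name'] = $user;
    return true;
}

function is_logged_in(): bool {
    start_session();
    return isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true;
}

function logout(): void {
    start_session();
    session_unset();                    // remove all session variables
    $p = session_get_cookie_params();   // then expire the cookie in the browser
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();                  // erase the session data on the server
}

// Constructed sample user store (name => password hash); a real site reads a database.
$users = ['Jhone' => password_hash('example-password', PASSWORD_DEFAULT)];

// login.php:   if (login($name, $password, $users)) { header('Location: profile.php'); exit; }
// profile.php: if (!is_logged_in()) { header('Location: login.php'); exit; }
// logout.php:  logout(); header('Location: login.php'); exit;
```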
Thilan Danushka Dissanayaka

Thilan Dissanayaka

Hi, I'm Thilan from Sri Lanka. An undergraduate Engineering student of the University of Ruhuna. I love to explore things about CS, Hacking, Reverse engineering etc.