Page 327 - Beginning PHP 5.3

P. 327

Chapter 10: Preserving State With Query Strings
In this simple example, the shopper can only add one of each product to his cart. Of course, in a real -
world situation, you ’ d probably allow the shopper to add more than one of each product.

Destroying a Session
As mentioned earlier, by default PHP sessions are automatically deleted when users quit their browser,
because the PHPSESSID cookie ’ s expires field is set to zero. However, sometimes you might want to
destroy a session immediately. For example, if a shopper has checked out and placed an order via your
online store, you might empty his shopping cart by destroying his session.

To destroy a session, you can simply call the built - in session_destroy() function:

session_destroy();
Note, however, that this merely erases the session data from the disk. The data is still in the $_SESSION
array until the current execution of the script ends. So to make sure that all session data has been erased,
you should also initialize the $_SESSION array:

$_SESSION = array();

session_destroy();
Even then, however, a trace of the session remains in the form of the PHPSESSID cookie in the user ’ s
browser. When the user next visits your site, PHP will pick up the PHPSESSID cookie and re - create the
session (though the session won ’ t contain any data when it ’ s re - created). Therefore, to really make sure
that you have wiped the session from both the server and the browser, you should also destroy the
session cookie:

if ( isset( $_COOKIE[session_name()] ) ) {
setcookie( session_name(), “”, time()-3600, “/” );
}
$_SESSION = array();

session_destroy();
This code snippet makes use of another PHP function, session_name() . This function simply returns
the name of the session cookie ( PHPSESSID by default).
PHP actually lets you work with more than one session in the same script by using session_name()
to create different named sessions. This topic is outside the scope of this book, but you can find out more
in the “ Session Handling ” section of the PHP manual at http://www.php.net/session .

Passing Session IDs in Query Strings
As you know, PHP session IDs are saved in cookies. However, what happens if a user has disabled
cookies in her browser? One obvious approach is to add some text to your page asking the user (nicely) to
turn on cookies. Another alternative is to pass the session ID inside links between the pages of your site.

289

9/21/09 9:05:15 AM
c10.indd 289
c10.indd 289 9/21/09 9:05:15 AM

322 323 324 325 326 327 328 329 330 331 332