PHP Sessions and Data Persistence
Introduction
As web applications have matured, the need for statefulness has become a common requirement. Stateful web applications, meaning applications that keep track of a particular visitor’s information as he travels throughout a site, are now so common that they are taken for granted.
Given the prevalence of web applications that keep track of things for their visitors—such as shopping carts, online banking, personalized home page portals, and social networking community sites—it is hard to imagine the Internet we use every day without stateful applications.
HTTP, the protocol that web servers and clients use to talk to each other, is a stateless protocol by design. However, PHP gives you a convenient set of session management functions that makes the challenge of implementing statefulness much easier. This chapter focuses on several good practices to keep in mind while developing stateful applications.
Sessions are focused on maintaining visitor-specific state between requests. Some applications also require an equivalent type of lightweight storage of nonvisitor-specific state for a period of time at the server-side level. This is known as data persistence.
The chapter explains PHP’s session module, which lets you easily associate persistent data with a user as he moves through your site. It explores session hijacking and session fixation vulnerabilities and how to avoid them.
Session data is stored in flat files in the server’s /tmp directory by default. The chapter explains how to store session data in alternate locations, such as Memcached and a database, and discusses the pros and cons of these different approaches.
The chapter also demonstrates how to use shared memory for more than just session data storage, and illustrates techniques for longer-term storage of summary information that has been gleaned from logfiles.