Chapter 8. Sessions

A fundamental characteristic of the Web is the stateless interaction between browsers and web servers. As discussed in Chapter 1, HTTP is a stateless protocol. Each HTTP request a browser sends to a web server is independent of any other request. The stateless nature of HTTP allows users to browse the Web by following hypertext links and visiting pages in any order. HTTP also allows applications to distribute or even replicate content across multiple servers to balance the load generated by a high number of requests. These features are possible because of the stateless nature of HTTP.

This stateless nature suits applications that allow users to browse or search collections of documents. However, applications that require complex user interaction can't be implemented as a series of unrelated, stateless web pages. An often-cited example is a shopping cart in which items are added to the cart while searching or browsing a catalog. The state of the shopping cart—the selected items—needs to be stored somewhere. When the user requests the order page, the items for that user need to be displayed.

Stateful web database applications can be built using sessions, and session management is the topic of this chapter. In this chapter we:

• Discuss how sessions are managed in the stateless environment of the Web and introduce the three characteristics of server-side session management

• Introduce cookies for storing state

• Show how to use and configure the PHP session management library

• Use PHP session management to improve the client entry <form> in the winestore case study

• Provide a brief list of reasons for using, or avoiding, session management over the Web

The focus of this chapter is on the session management provided by PHP. However, other techniques to keep state are briefly discussed, including the use of cookies.