How does PHP session work?
This article is about how PHP session works internally. Below are the steps :
1. Session in PHP is loaded into PHP core as an extension, we can understand it as an extension. When session extension is loaded, PHP will call core functions to get the session save_handler, i.e interface or functions for reading and writing session data. By default, PHP will handle session data by writing and reading files on the server. But PHP also supplies custom methods for handling session data, we can use session_set_save_handler() to register the save_handler. At the same time, PHP will check whether session_auto_start is on or off in the configuration file, if it is on, PHP will call internal functions to create session automatically.
2. When PHP creates the session, it will first check whether session id exists in the requested cookie, GET and POST data. If it doesn't exist, it means it's the first time the user accesses the website, PHP will automatically call php_session_create_id() function to create an unique session id and it will send the session id to the client side through the http response by setting the set-cookie header, PHP can also put the session id on the URL as a parameter or put it in a hidden input field, but this needs the session.use_trans_sid to true in php.ini. Otherwise, if the session id is already existed, PHP will do following things:
a. Get Session ID from cookie
b. Call save_handler's open interface to open the file which stores the session
c. If cannot read respective session id, it will create new Session ID
d. Register $_SESSION and $_HTTP_SESSION_VARS global variable, $_SESSION and $_HTTP_SESSION_VARS will be array.
e. It will call save_handler's read interface to read session data, if you store the session data in a file, it will read the session data from a file, or if you are storing session data in database, it will read session data from database and save them in the $_SESSION variable.
3. Finally, when a request is completed, PHP will call internal function to get $_SESSION data, then it will serialize them by calling the php_session_encode() function, later it may call the save_handler's write interface to store the session data.
The above are the basic steps for PHP session implementation. You can also refer to PHP source codes for more information.