To ensure that the script can work with sessions, you must first initialize the session mechanism. This is done using the session_start ().
This will create a new session or re-established pre-existing. How the server knows what to do: create or restore?
It's very simple. The fact is that when a visitor comes to your site, it is assigned a 32-bit identifier of the form:
abcd1efgh2ijkl3mnop4qrs5tuv6wxyz, which "follows" him for all movements through the site.
"Adherence" is provided either by means of cookies, or if they are disconnected from the user, adding addresses to all GET-request form: PHPSESSID = id, ie, Address myscript.php become myscript.php? PHPSESSID = id.
When processing a request to the server engine looks for php ID assigned to it in the data and, if found, and the session is not obsolete, then updates it. Otherwise, a new one. By the way, the session identifier can be retrieved using the session_id ();
After the session mechanism was initialized in the script, we can save any information in the associative array $ _SESSION.
This array is a global variable of the session.
Thus, keeping it, for example, the values ??of variables login and password at the login page, we can use them on all pages of the site protected.
Conclusion of the session is done automatically after a certain period of time, or force when using session_destroy ().
Well, we understand the theory, it is now time to apply it in practice.
To do this, write three scripts: login.php - login to visitors, protected.php - close the page and logout.php - completion of the work.
Well, that's all. I hope this article helps someone.