Sessions and session variables

Anon

Hi there,

the php manual's treatment on sessions and session variables is miserably techish

(http://www.php.net/manual/en/ref.session.php)

and I wish there were some other more educational resources I could read that were more like a tutorial.

for years I've treated sessions as a 'black box' but the time has come for me to learn more than I know so i can work proficiently with them in conjunction with javascript and xml.

And links? Much appreciated!

Sam Fullman
Compass Point Media

Anon

It'smy understnading from a variety of sources that:

It's a cookie ID that is sent to the client and used to retrieve a server-side cookie. The server-side cookie contains that registered variables (session_register()) for that session. Since it's stored server-side, and cookie data is usually small, they bring in the RieserFS-small-file-efficentcy comment.

I hope that helps.

See the session config info in your php.ini. It may shed some light on what it is too.

Anon

Thanks for the input Jason, here is the way I understand how sessions work:

TO INITIATE A SESSION
I send a page request
server sends a request for session ID cookie
if I send back the session ID cookie
server sends the page
else
server sends a session ID cookie blind (whether or not cookie accepted)
server sends the page
end if

WHEN IN A SESSION
I send a page request
server sends request for session cookie
browser sends cookie
server finds code (before header sent) referencing a session variable and gets variable from SERVER SIDE (am I correct?)
script exectutes normally with variable.

So to sum it up, I wish I had a tutorial that went into that detail as eventually I'm going to need to be a security expert and this is in the security family.

Anyone else out there got some good tutorials?

Sam Fullman
Compass Point Media