?? ? session cookie and session file

Anon

Could anyone helpme with this issue?, please.

When the first time a php calls a session_start(), a session identifier is generated and by default a set-cookie header is included in the response.

This creates a session cookie on the client browser called PHPSESSID with 0 sec of life. (unless you change the session.cookie_lifetime on the php.ini to another value)

Also a the sametime a sessionfile is created on the /tmp directory of the server using a session identifier prefixed with sess_ (example.: sess_jksdh546g5sda44564465)

NOW:

If you set session.cookie_lifetime to 600 sec and you configure your browser to not accept cookies why I am still getting those when I call a php script with session_start() ?

Try it and see that i mean.........

Thank you!

Anon

Which one do you mean by "those"?

The session cookies? Depending on your browser, per-session cookies (which these are) may be treated seperately from persistent cookies. You might be turning off persistent cookies and leaving session variables turned on.

The session files in /tmp? The session data has to be stored somewhere, or you wouldn't have a session.

Anon

By those I mean the (PHPSESSID cookie) that is created on the client cookie directory once I have changed the session_cookie_lifetime on the php server

To be more precise......
What I want to know is:

Is it a way to block this type of cookie from my browser?

About the session files on in /tmp I do not have any question about how do they work.

Thank you for your reply!

Anon

If you've turned cookies off (and session cookies) in your browser, then the cookies shouldn't be getting created. If they are, then there's something broken in the browser.

If they were created before cookies were turned off, then the obvious solution is to delete the cookie files.

How you delete cookies, how you turn their support on and off, and how you block cookies of various types, depends entirely on what sort of browser you're using. Consult its documentation / home site.

fandelem

Sessions are different than cookies.

Sessions for the most part are passed along transparently from each page you visit within the session 'realm' .. I really do not know how to turn off these from the browser side -- cookies will not do it, because sessino variables are passed along with other headers (this is why sessions are much preferred over cookies as a baseline authentication measure, because they are 1. destroyed after the browser(s) windows are closed and 2. transparent for you, and not stored on the hard drive).

Cookies, however, I'm sure you know how to disable 🙂

hth,

kyle

Anon

Cookies are sent in the header, as well (where else are they to go?). Persistent cookies and session cookies look and work just the same; the only difference is that the browser doesn't retain session cookies between sessions (and so generally doesn't bother saving a cookie file).

Again, whether/how you disable session cookies and/or persistent cookies depends on your browser.