sessions

zeberdee

The PHP manual tells you to use Cookies with Sessions, but i do not understand why you need Cookies if you are using Sessions that are held on the server.
i.e when logged in to site start new session :
session_start();
$_SESSION['userid'] = $userid;

and on subsequent pages you can test:

session_start();
if (isset($_SESSION['userid']))
{ok; } else (not logged in yet; }

this works ok in my testing and no cookies are used.
Can someone verify this is correct or am i missing something big i am a newbie so i do not want to get things wrong at this early stage

dhirendrak

It maintain server side cookies.

For testing just start a session and see /tmp folder if your r using linux os .Or you can find this path in php.ini file.

mooseday

You can't guarantee the client will accept cookies ( ie if security settings are set or is they are blocked by a firewall ) - whereas server sessions will always be available.

Cookies can be set to always stay on the machine or go after a specified time and are user dependant ( each user on a machine can have a different set of cookies ) , where as server session are valid as long as the browser is connected.

Cookies can be read and modified by the user on the client with notepad so you can't always guarantee their integrity.

I would suggest it all depends on the type of page you are creating - if you are just after storing a user name or a list of which pages a user has been to use a cookie. If you are after checking if a user is logged on to a site or storing more sensitive information use a session - for added security use a combination of both.

zeberdee

Thx for replying,
I know the diff between cookies and sessions, but with the code why does the PHP manual say use in conjunction with cookies or append the SID to each URL??
Why is the code not suffucient on its own, ie with the code you don't need to append the SID to a url? it still picks the user up because one of the session variables are set??

dhirendrak

When i used it first time with the help of manual i was also confused and i alreday spent approx 2 hour after i was just trying each and every option then i got the result. Manual is ok but some time you have to do your own.

press711

You are still using cookies. In your php.ini set it not to use cookies by default. (Check Trans_sid is turned off in your php.ini)

If you are unsure use a "good browser" and tell it to notify you whenever cookies are being used. If you do not see the phpsessionid automatically added to the end of all urls and your sessions work then you are using cookies.

Phoenix Amis Consultancy - Web hosting, Web Design, Web Development, Ecommerce

zeberdee

Thx press711. You are right i am still using cookies what shall i do if client restricts cookies? How do i know if client restricts cookies?
session_use_cookies = 1;
session_use_only_cookies (is not set);
session_use_trans_sid = 0;

press711

Please refer to :
http://www.zend.com/zend/tut/session.php

and

http://www.trios.org/php/sessions/

I hope you find these useful.