phpsession id, server-side cookies

robsgaming

If a client has their cookies turned off, $PHPSESSID has no value.

However, if the client has their cookies turned on, $PHPSESSID is given a value.

Why is this? I thought sessionid variables come directly from the server.

I'm using start session, etc.

I've heard in order for this to work, trans-sid must be turned on. Is this correct?

dalecosp

Yeah, that's pretty much correct unless you want to write session-handling routines into all your scripts.

Why? Ok, take this as a "for instance...."

I'm the registrar at your college, a large institution with literally millions of students. I have a file for each one, kept in my office. You come and I want to tell you what courses you need to take next semester. No problem, I look in my file, right?

But there is a problem. I've no idea on God's green earth who you are. So, you show me your student ID.

The analogy really falls apart, because in order to be more realistic, I'd have to be blind, and you'd have to be mute. I'd have to reach over the desk and touch your braille name tag before I could know which file to look up your info in. That's a tad closer. Millions of client machines, how can PHP know which HTTP request is yours? You've either got a cookie, or it's in the URL and the server can read it....