Storing Sessions in mysql database

aktome2001

I've written a class to store sessions in a database and everything initially seems to be working great. The session information is recorded in the database and the information is updated each time the page is refreshed.

The problem though, is that a cookie is still set by the browser and PHP uses the cookie to track the session instead of using the database information. I was under the impression that if you were to use a database to track sessions, then a cookie wouldn't be used or set.

I have set the session hander using session_set_save_handler().

How do I correct this problem and make it so that cookies aren't used?

Thank you.

drew010

the cookie is only used to store the session id, so php knows who is who. what php does is when you first start a session, it appends the session id to all links to your pages, and when the user clicks one, it sees if the session id cookie was sent back (meaning they have cookies enabled). if the cookie was not sent back, it keeps putting the sid on the urls, otherwise it relies on the cookie for the session id.

aktome2001

Actually, that's not what is happening. I don't have php write the session ID to each link (it's not very secure).

I think that you may have missed my question.

If you're using a database to store session information, including the session ID, are cookies always also used to store the session id?

I do not want to use cookies at all. I tried to turn off cookies by setting session.use_cookies to false, but now php doesn't share the session id amoungst pages and a new session id is created each time the page is refreshed. How do I disable the use of cookies and have php recognize the session ID set in the database?

drew010

php has to know one way or another which user owns what session id. its either stored in a cookie (default is called PHPSESSID) or its sent through the url in a query string every time. you have to decide one or the other.

aktome2001

So if a person has cookies disabled, then the session ID HAS to be sent through the url other wise PHP won't know what session id to use?

drew010

exactly right.

aktome2001

Thank you.