session and cookie

blackhorse

I read an open source codes system, trying to use cookie and session to pass the same value.

For example.

SetCookie ("user",$user, time()+86400, /);
session_start();
$_SESSION['user'] = $user;

That is the only place the cookie and session has been set up for the value $user.

Later on, when it is calling for the $user value

if (isset($COOKIE['user']))
$user=$COOKIE['user'];
elseif (isset($SESSION['user']))
$user=$SESSION['user'];

My question is that

Is it totally unnecessary that set up session here, because the cookie is already set up for the same value?

Or there is a reason they use session too in some cases cookie will not be able to retrived?

Thanks!

jheitz

Maybe in case the user does not allow cookies on hir/her browser?

blackhorse

But to use session, you have to allow session id, and session id is a cookie, right? so if the user doesn't allow cookie then, the session is not working either, right?

jheitz

PHP5 will deal with sessions in the following way:

1) If cookies are enabled by user, then they are used
2) If they are not, then the session ID is passed as GET or POST arguments.

This is done automatically (according to my PHP book, never tried it myself 😉

blackhorse

jheitz wrote:
PHP5 will deal with sessions in the following way:

1) If cookies are enabled by user, then they are used
2) If they are not, then the session ID is passed as GET or POST arguments.

This is done automatically (according to my PHP book, never tried it myself 😉

Thanks!

Anyone has furture and more information about session ID would not be treated as cookie of cookie is not allowed?

session id used in other languages too, is it PHP 5 way only or it will be the trend of the industry that session id would not be treated as cookie if cookie is not allowed?

jatinder

Suppose you have the following script and have disabled cookies on your browser:

<?php
	session_start();
	$_SESSION['FNAME']='Jatinder';
?>

If you refresh the page in the browser, a new session will be created each time you refresh the page. Now add a link to the above script.

<?php
	session_start();
	$_SESSION['FNAME']='Jatinder';
?>
<a href="test-session.php">Click Here</a>

Refresh the page. You will see that a session id as been appended to the above link. If you keep refreshing the page, session id will still change each time.

But if you click on the link and navigate to test-session.php page you can access the session that has been started in the previous page.

test-session.php

<?php
	session_start();
	print($_SESSION['FNAME']);
?>

Now, no matter times you refresh the test-session.php page, the session ID won't change.

This is the basic working of session without cookies.

Weedpacket

blackhorse wrote:
Anyone has furture and more information about session ID would not be treated as cookie of cookie is not allowed?

Sure. There's quite a bit about it on this page.