What is reason for using session?

thtmal

What is the reason behind using session, if sites like

liveleak.com
youtube..com
amazon.com

requires cookies enabled to log in? To keep track of visitors even when not logged in?

NogDog

No, most likely because a cookie is being used to transmit the session ID.

thtmal

NogDog wrote:
No, most likely because a cookie is being used to transmit the session ID.

But, why would the site need cookie to transmit the session ID? when part of the reason for using a session ID is when cookie is not allowed. Using session, one can retrieve the id from either SID or session_id()

laserlight

But, why would the site need cookie to transmit the session ID? when part of the reason for using a session ID is when cookie is not allowed.

That is a misconception on your part. Sessions can replace cookies, the query string and forms in passing/maintaining data, but ultimately the session id itself must be passed either by using cookies, the query string, or as form data.

Using session, one can retrieve the id from either SID or session_id()

The script can retrieve the id by those methods, but the server cannot, since it must have the session id provided by the client in order to know which session belongs to the client.

thtmal

laserlight wrote:
but ultimately the session id itself must be passed either by using cookies, the query string, or as form data.

I guess my previous reply was incomplete. Your quote, which I understand. Since the id in the end, must be passed via a cookie, query string or as form data. So, is it that the reason why these sites require the use of cookies, since they HAVE to pass it one way or another, that they rather pass it via a cookie, therefore requesting visitors to allow cookies?

laserlight

So, is it that the reason why these sites require the use of cookies, since they HAVE to pass it one way or another, that they rather pass it via a cookie, therefore requesting visitors to allow cookies?

Yes. Passing by a form is generally impractical unless you are actually getting your visitors to fill in a form, and using the query string makes it easier for naive users to give their session id away, thus compromising their accounts.