using XML to store session iDs

numerical25

I was thinking about more reliable and safer ways to store session ids and one came across was XML. has anyone heard of anyone doing this type of session storing ??

Could it be a good idea or bad idea ???

If good then does anyone know of any good tutorials or books that discuss proper ways of doing so

If not then why not

NogDog

Based on my concept of what a session ID is, I can think of no reason to bring XML into the mix. Perhaps your concept is different, so maybe I need a little more detail on what exactly it is you want to store and why? Or do you mean session data? (Though I still don't see a need for XML.)

numerical25

Well maybe I just have a misunderstanding im not sure. But...

to keep track of a user session, the session id is usually stored in a cookie or the URL. URL session Id is bad especially if the session holds valueble information. then there is cookie session which is prefered. Is there any way of storing the ID in a xml file that is stored on the server to keep track of that session id.

Or perhaps even storing session data? is there any possible way of storing the session data along with maybe an ID and retrieve that data from page to page ?

NogDog

The session ID must be passed back-and-forth between the server and the browser, otherwise there is no reliable way of knowing which user is connecting on each subsequent HTTP request. The cookie is better than the URL in terms of usability and slightly better in terms of security, but the only real security is to use an encrypted connection (i.e. SSL).

The session ID itself contains no sensitive data, other than the fact that it is used to identify which session data the PHP script is to access on the server.

Weedpacket

numerical25 wrote:
is there any possible way of storing the session data along with maybe an ID and retrieve that data from page to page ?

This is exactly how session management works already. The server gets the session ID from the client, and looks that ID up in whatever it is using to store sessions to find the session data that goes with it.

The server and the client have to both store the session ID for the duration of the session - it's a session ID, after all: it identifies the session. If the client didn't store the ID it would not be able to tell the server which session its request is a part of. And if the server didn't store the ID it wouldn't know which session data to retrieve from storage when it receives the request.

numerical25

Ok, we slightly went off topic here. IM aware of how sessions work. My question to you all is about alternatives besides the URL and Cookies

Im guessing there logically is no other way in storing the data or the ID. I was suggesting using XML to keep track of user id from page to page. but it looks like no one has really a clear answer on that route, so I assume that its probably not a route to take.

NogDog

Whatever the XML is that you would store the session ID in, it would still have to somehow be transmitted from the server to the browser with each session-controlled page, and the browser would somehow have to send it back to the server whenever it requests a page.

All that currently gets transferred with a session cookie is one string of randomly generated characters for the session ID. Or if cookies are not enabled and if your PHP configuration allows for it, it will be transmitted via the URL or as a form field if applicable.

So now my question to you is, how would XML fit into this? XML is just a text mark-up specification. Sure, you could put the session ID into an XML-structured text string or file, but then what? That XML text would still have to be transmitted back and forth between the browser and the server. And where would the browser store it and then how would it transmit it back to the server? The only way I can think of is via a cookie, which therefore gains you nothing, but ends up requiring more data to be transmitted since now the same session ID string has to wrapped up in XML mark-up.

If you still consider this off-topic, then you'll need to find another way to explain to me what you are after that will finally make the light bulb go on over my head.

Weedpacket

NogDog wrote:
If you still consider this off-topic, then you'll need to find another way to explain to me what you are after that will finally make the light bulb go on over my head.

I agree:

numerical25 wrote:
IM aware of how sessions work.

You'll need to explain yourself better, then, because at the moment it doesn't show. You talk about "storing" the session ID when you're not talking about storage but the transport mechanism, and you also talk about storing the session data there as well. Lobbing in a buzzword like "XML" without any explanation as to how it's supposed to fit in where doesn't help. It's no way to conduct a technical discussion.

Any other mechanism you come up with, incidentally, would have to be understood by clients as well.