Help Explain Sessions to boss??

Anon

Im planning on working on using php for a project. Im fairly new to php and need to improve my understanding of sessions vs cookies for php4 so i can assure my boss data stored in sessions variables can not be compromised or revealed.

I am under the impression that php4 sessions variables are somehow stored or used only when cookies are enabled in the browser. However, there is no cookie or other trace of the variables to be found by the user. This anyways is how I think sessions works. Is this correct? Can someone detail this session process more for me or point me to a better explanation that is written up somewhere.

I have looked at the "session section" on line documentation and find it to be lacking for more of a detailed explanation. Thanks

djg_uk

Hi,

Usually when I explain things to MY boss, I make sure I only use words or 2 or fewer syllables and illustrate with colourful pictures. However, it seems that this process is not suitable, so here goes:

Sessions use a COMBINATION of cookies and server-side storage. If the user's browser does not support cookies, then PHP will use a combination of the GET and POST methods (usually GET for regular links, and POST for web forms).

Since the cookies are session cookies, they expire when the user closes the browser, so there is no real security issue, just as you explain.

However, if your user's browser does not support cookies, you MUST have configured PHP with both the --enable-trans-sid and --enable-track-vars options.

Hope this helps.

Regads,

David