Client Clones and Server Sessions
By Tony Marston2005-05-06
Session Names and Session Cookies
|
|
The standard mechanism for PHP to supply and retrieve session identifiers is to use session cookies. These are called "session" cookies as they exist in the client's memory only for the duration of a particular browser session. They are not written to disk, therefore as soon as the browser session is terminated any session cookies will be dropped from memory and will cease to exist. If you have a web browser such as Firefox or Opera you will be able to examine any of these session cookies.
Each cookie is in the format name=value. It is used by PHP via the $_COOKIE array to represent session_name=session_id. The default session name used by PHP, as defined in the php.ini file, is PHPSESSID. The session identity is a randomly generated 32 character string, so it is possible to see something like the following in your session cookies:
PHPSESSID=af58bbf6b4d1298614583edff5b0ab8d
In some cases either the web application or the client browser will decide not to use session cookies, in which case this information may appear:
• In the URL as one of the arguments following the domain name.
• In the form data as a hidden field.
It is possible to change the value of the session name in the following ways:
• By changing the value in the php.ini file. This is usually not allowed if you are using shared web hosting.
• By using a setting in an Apache .htaccess file, in which case you can set a different value for different directories.
• By using the session_name() function. This allows you to change the session name whenever you like to whatever you like.
Tutorial Pages:
» Introduction
» Session Identities
» Session Names and Session Cookies
» Dynamically changing the Session Name
» Starting a new session
|
