Session support in PHP consists of a way to preserve certain data across subsequent accesses.
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.
Sessions are made up of two components, a client-side session ID and server-side session data. The session ID is sent to the user when the session is created. User can send that session ID to the server as a URL param, cookie, or even HTTP headers.It is stored in a cookie (called, by default, PHPSESSID), that cookie is sent by the browser to the server with each request. The server (PHP) uses that cookie, containing the session_id, to know which file corresponds to that user.
The data in the sessions files is the content of $_SESSION, serialized (ie, represented as a string with a function such as serialize) and is un-serialized when the file is loaded by PHP, to populate the $_SESSION array.
There are two methods to propagate a session id:
- Cookies
- URL parameter
The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.
PHP is capable of transforming links transparently. Unless you are using PHP 4.2.0 or later, you need to enable it manually when building PHP. Under Unix, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.
No comments:
Post a Comment