Sessions

[oohoohoohooh]

Hi, i've been using cookies to store my users login details but have been told it is more secure to use sessions. I've read a couple of tutorials on sessions but one thing I'm not understanding is that when you close the browser or visit another site the sessions are deleted (right?). So how does a user stay logged in the next time they visit the site. Could you provide any code examples where necessary as I would find it much easier to understand. Thanks

 

[sleipnir214]

Sessions involve two components: a cookie stored on the user's browser and a session store on the server.

The session cookie contains only one thing, a unique ID number. When a session cookie is sent to PHP, PHP will look in the directory specified for session stores and try to find a matching filename. For example, if the session cookie contains the value "foo", PHP will look in the session store directory for a file named "sess_foo".

A session store file contains a serialized version of all the data in the session variables associated with a particular browser.

As far as "how long do they last?" goes, the session cookie on the browser is temporary. The cookie's expiration instructs the browser to delete the cookie when the browser is shut down. Shut down and restart the browser, and that session variable set is no longer available.

PHP also has a garbage-collection mechanism for session store files. For information on when and what PHP's garbage-collection will do, see faq434-4908 in this forum.


As far as code goes, there isn't much. Just invoke session_start() at the beginning of any script which will manipulate session_variables. There is example code on the PHP online manual page for session_start().

One "gotcha". session_start() may need to manipulate cookies, and cookies must be transmitted to the browser before any HTML content is sent. Invoke session_start() befure your script outputs anything (including error messages).


Want the best answers? Ask the best questions!

TANSTAAFL!!