I couldn't fight the right forum for this, help Cookies

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
PHPHelpNeeded
Forum Commoner
Posts: 83
Joined: Mon Nov 17, 2014 8:03 pm

I couldn't fight the right forum for this, help Cookies

Post by PHPHelpNeeded »

Hi,

I have some question. I don't have a code to show. But I have some basic question as to when to actually use cookie sessions?

Question#1: on each individual page where you start a cookie session, is a cookie created for each individual session?
Question#2: so lets say, I have authenticated a user, who has browser cookies enabled, which allows me to start a session, when going from the current page on the browser to another page in the site, do you keep track of the session you created by the session ID? or in retrospect to Questin#1, once you start a session for an authenticated user, you don't start another session because then the session ID will change, right?
Question#3: once I create a session, if I want to go from the current page on the browser, to another page in the site, how do I transmit or pass or transfer the cookie session ID to the page where I redirected, without giving away my user's session ID, which can be a vulnerability if someone is trying to hack the site, while someone is playing the game in an active session?

I will have more questions, but these questions for now, will allow me to understand those basic questions (some books, don't explain this sort of mechanics, unless I have not found the correct one).

If you adding a code sample for me to see, do it in PHP please. (Only if you are placing a sample code, otherwise it is not necessary).

Thanks.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I couldn't fight the right forum for this, help Cookies

Post by Celauran »

Sessions (server side) and cookies (client side) aren't the same thing, so your reference to cookie sessions is a bit unclear. Both are superglobals and are thus available everywhere, regardless of scope. What gets stored in which is generally a question of data sensitivity. For your authenticated user example, you would most certainly use sessions over cookies. Calling session_start() at the beginning of each page, before headers are sent, will suffice. PHP will handle session management for you. You can simply read from / write to the $_SESSION super global like any other array. That's the super condensed beginner version of it, at any rate. If you have more specific questions, fire away.
Post Reply