Page 1 of 1

Session cookie still created with use_cookies=0

Posted: Tue May 20, 2008 4:32 pm
by acatterson
Hi. New to PHP ... just experimenting w/ sessions ...

Issue: Session cookies (with variables set inside) still created when session.use_cookies = 0 in php.ini (PHP5)

Php.ini:
session.use_cookies = 0
session.auto_start = 1
session.save_path = "C:\WINDOWS\Temp"

NOTE: Saved php.ini about 10 times and restarted apache each time …

simple code snippet:
<?php
echo "PHP Session ID is : ".session_id()."<br/>";
$_SESSION['user']='anyuser';
$_SESSION['password']='anypassword';
echo "User: ".$_SESSION['user']."<br/>";
echo "Password: ".$_SESSION['password']."<br/>";
echo session_save_path();
?>

What I don’t understand is that a session cookie is still created and the session variables are in it?

Output:
PHP Session ID is : 5dm124okj15r40cak5ej2qsm05
User: anyuser
Password: anypassword
C:\WINDOWS\Temp

Contents of new session file created in C:\WINDOWS\Temp (with name of above session)

user|s:7:"anyuser";password|s:11:"anypassword";

Am I confused? :-) Any help greatly appreciated :-)

Re: Session cookie still created with use_cookies=0

Posted: Tue May 20, 2008 4:41 pm
by Jade
Hey there,

A session has to keep track of who you are as you navigate around. If you don't use cookies then instead of a cookie being created the browser creates a temp file with the session data inside of it and this is what you're seeing.

Re: Session cookie still created with use_cookies=0

Posted: Tue May 20, 2008 5:04 pm
by acatterson
Thanks! but now I'm more confused :-) (it's me ....)

So the file I'm seeing in C\WINDOWS\Temp is created by my browser, independent of PHP. Good to know. But when I set session.use_cookies = 1 in PHP.INI (restart apache, etc) , I still only see the same temporary file created by the browser in C:\WINDOWS\Temp. I cant find a cookie anywhere ... should I expect to see an additional cookie file somewhere or am I still clueless :-)

Thanks again for your response

Re: Session cookie still created with use_cookies=0

Posted: Tue May 20, 2008 6:34 pm
by acatterson
Never mind. After much Googling, I think I got it:

1) Session cookies are temporary (not persisted by the browser) and simply contain session identification information (only session id I believe).
2) Session data is stored on the web server (by PHP)
3) The session.save_path identifies where the web server stores its session data.

So ... I was actually looking at the session data file created by PHP on the web server

So ... I was certainly clueless.

Regards

P.S. -> If I'm wrong ... feel free to let me know :-)