Page 1 of 1

The session cookie

Posted: Wed Mar 28, 2007 8:39 pm
by guitarlvr
I have a login script containing the following files:

index.php //main page
login.php //user login
logout.php //user logout
register.php //user reg.
activate.php //activate user reg.

I am using sessions in order to keep track of users logged in.

I noticed that once logged in, the session creates a cookie on the users PC and then that cookie is destroyed upon closing of the browser. My question is, should sessions use cookies at all? Aren't sessions stored on the server and not as a cookie?

Thanks,

Wayne

Posted: Wed Mar 28, 2007 10:10 pm
by Christopher
The default session settings try to maintain the session however it can. Using cookies and passing the ID via a GET/POST parameter are simply alternate ways to maintain the session. You might want to look into the issues surrounding session fixation to learn more.