The session cookie

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm

The session cookie

Post by guitarlvr »

I have a login script containing the following files:

index.php //main page
login.php //user login
logout.php //user logout
register.php //user reg.
activate.php //activate user reg.

I am using sessions in order to keep track of users logged in.

I noticed that once logged in, the session creates a cookie on the users PC and then that cookie is destroyed upon closing of the browser. My question is, should sessions use cookies at all? Aren't sessions stored on the server and not as a cookie?

Thanks,

Wayne
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

The default session settings try to maintain the session however it can. Using cookies and passing the ID via a GET/POST parameter are simply alternate ways to maintain the session. You might want to look into the issues surrounding session fixation to learn more.
(#10850)
Post Reply