FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » session cookie: client side
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: session cookie: client side [message #175899 is a reply to message #175892] Fri, 04 November 2011 15:52 Go to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On Fri, 04 Nov 2011 14:14:52 +0800, sl@exabyte wrote:

> I am a bit confused now.

Clearly.

> For example, using the Opera browser, a user can check a cookie value. I
> understand that this value is used to identify a user, ie I can read it.
> But other people, on LAN or internet, cannot read it because when I send
> data, the data is enrcypted via https.
>
> I suppose the cookie value is the Session ID.

A cookie value is whatever it is set to.

A single page can have multiple cookies with different names, values and
expiration times.

If you're trying to keep track of a session between web pages, there are
several approaches, of which using a session cookie is one.

However, any user when requesting a web page can generate any cookie name
with any data value that they like.

The "session cookie" in php is by default called "PHPSESSID" (it can be
defined locally to be called something else).

The session cookie is sent from the server to the browser when the php
function "session_start()" is called in php. This should be called in
every page that uses the session before any html code is sent to the
client.

When "session_start()" is called, it first looks to see if a cookie
matching the session cookie name was received in the http request.

If it was, and the session id in the cookie is current, the relevant
session data is placed in the $_SESSION[] superglobal. If the session id
was not valid, or no session cookie was received, a blank $_SESSION[]
superglobal is created and a session id is allocated.

Finally, the session cookie is sent back to the client as part of the
response.

The session cookie is only protected by encryption in an https session.
Sessions don't only happen with https, they can happen with http as well.

HTTP(S) are protocols for requests from a client to a server and
responses by a client.

Cookies are a type of data transferred in http(s) requests and responses.

The name, content and use of the any specific cookie has no bearing on or
relationship to the protocol used to carry it between the client and
server.

Rgds

Denis McMahon
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: sqlite and php
Next Topic: simple session question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 08:36:29 GMT 2024

Total time taken to generate the page: 0.04471 seconds