views:

118

answers:

3

I like the idea of a so called session-ID, which is sent to the browser and returned back for auth. But can I store more data in serverside session variables, for subsequent sessions to access? I'm using PHP.

+10  A: 

Session variables are stored on the server side. Only the session ID will be sent back from client. The server will look up its session store for the ID and fetches the variables. The actual variables are not sent to the client at all. This makes session state a nightmare for scalable Web applications since it relies on the server to keep track of users state. The more stuff you put in session, the more overhead per session you'll have on the server.

If you want to store variables on the client itself, you should be using cookies instead of session.

Mehrdad Afshari
+2  A: 

Yes. The session ID in the default php installation actually corresponds to a file on the server that holds all the session data for you. The session ID is merely an identifier for a unique user. The session ID is generally stored in a cookie.

In PHP to store more data in the session, just do this:

--set.php--
session_start();
$_SESSION['var1'] = 'foo';
$_SESSION['var2'] = 'bar';

--look.php--
print_r($_SESSION); // prints Array (var1 => foo, var2=>bar)
Byron Whitlock
You sometimes need to add session_write_close(); after writing session variables to make them stick, too
+1  A: 

No, as I understand it, the only thing that's transferred is the session id, via a cookie.

lod3n