+2  Q: 

How do sessions work?

Can anybody explain to me how sessions work in PHP? For example, 3 users are logged into Gmail. How does the server identify these 3 users? What are the internal processes behind that?

+2  A: 

Gmail uses Python I think, not PHP.

PHP by default writes its sessions to the /tmp directory. It can be configured to store the sessions in the database.

It identifies the sessions via a cookie, but can also be configured to pass a query string but it is very ugly.

alex
+3  A: 

Sessions are made up of two components:

a) Cookie

b) Server-side session data

The cookie usually contains a session id, which references where on the server to get the session data from. The server then uses this session id to fetch the data from the server which is contained inside of a file that has the matching name as the session id.

You can tweak session behavior via the various session_ functions.

Jacob Relkin
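
The cookie-to-file lookup described in this answer can be watched from the command line. The script below is an added example, not code from any of the answers; the three user names and the temporary directory are constructed, and it assumes PHP's default `files` save handler, which names each file `sess_` followed by the session id.

```php
<?php
// Added illustration, not code from the answers. Run from the CLI: php session_demo.php
// Assumes the default "files" save handler and the default "php" serialize handler.

// No browser in CLI mode, so disable cookie and cache headers.
ini_set('session.use_cookies', '0');
ini_set('session.cache_limiter', '');
ini_set('session.use_strict_mode', '0');   // demo only: lets us choose the ids below

// Throwaway directory so the demo does not touch real sessions.
$dir = sys_get_temp_dir() . '/session_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
session_save_path($dir);

// Three constructed users "log in"; each gets an independent session id.
$ids = [];
foreach (['alice', 'bob', 'carol'] as $user) {
    session_id(bin2hex(random_bytes(16)));   // stands in for the id PHP would issue
    session_start();
    $_SESSION['user'] = $user;
    $ids[$user] = session_id();
    session_write_close();                   // writes $_SESSION to $dir/sess_<id>
}

// A later request from bob: only the id arrives, PHP loads the matching file.
session_id($ids['bob']);
session_start();
$resolved = $_SESSION['user'];
session_write_close();

// Show which file on disk belongs to which user, and what it contains.
foreach ($ids as $user => $id) {
    printf("%s: sess_%s => %s\n", $user, $id, file_get_contents("$dir/sess_$id"));
}
echo "Request carrying bob's id was resolved to user: $resolved\n";
```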
A: 

A cookie.
Or a parameter in the url. And this internet process is called HTTP protocol.

Col. Shrapnel
+1  A: 

Sessions are very straightforward.

When I log in to your site, PHP will set a standard browser cookie with a "session ID" — usually an alphanumeric string like 63f1a67cf52b5d2bbd0cbef45e18b242.

As with all cookies, my browser will send that cookie back to your server with every request I make. Thus, your application now knows that every request that comes with a session ID of 63f1a67cf52b5d2bbd0cbef45e18b242 comes from me.

Thus, if you need to store any information about me, you can keep track of it under 63f1a67cf52b5d2bbd0cbef45e18b242. By default, PHP stores this information in files in the /tmp/ directory, though you can override that and store it anywhere you like (e.g., in a database). What matters is associating that session ID with a particular user.

I don't want to oversimplify things. There are some concerns (like, what if an intruder sees my unencrypted session ID and starts using it himself — he could conceivably start masquerading as me), and there are some ways to alleviate those concerns. But the basic mechanism of storing a session ID in a cookie and using that to identify information about me stored on the server is pretty universal.

VoteyDisciple
Sir, if I disable my browser cookie, what will happen?
learner
Typically, you'll be unable to use sessions. PHP does have a setting that will automatically rewrite links as they're written out to the page to include the session ID as an extra parameter, which of course does not require cookies, but does require PHP to interpret your content as you generate it (which should feel a little scary).
VoteyDisciple
Sir, how does the server identify each user's request? Does it save it anywhere?
learner
The server identifies the request by the value stored in the cookie. Remember that all cookies are transmitted with all requests. Where the information is saved on the server is up to you. As I mentioned, PHP stores it in files in /tmp/ by default.
VoteyDisciple
+2  A: 

Sessions are a combination of a server-side session data and a client-side cookie, with the client-side cookie containing nothing other than a reference to the correct data on the server. Thus, when the user visits the site, their browser sends the reference code to the server, which loads the corresponding data.

This may seem a bit clumsier than just having a client-side cookie with all your data in, but there are a few advantages:

  • Your server-side session data can contain very large amounts of data with no hassle - client-side cookies are limited in size
  • Your client-side cookie contains nothing other than a small reference code - as this cookie is passed each time someone visits a page on your site, you are saving a lot of bandwidth by not transferring large client-side cookies around
  • Session data is much more secure - only you are able to manipulate it, as opposed to client-side cookies which are editable by all

It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer. However, other than the above, there is not much difference between session data and cookie data for most purposes.

The following is a very good article which explains how sessions and cookies work within PHP.

Russell Dias
server-side **file** you mean?
Col. Shrapnel
Ah yeah, thanks for pointing that out. I think session data, as Jacob Relkin pointed out, might make more sense. I'll edit that in now. Cheers
Russell Dias
OK then, if I disable my cookie my session will not work?
learner
@learner That is true, unless PHP is set up to append an ugly `PHPSESSID` GET var.
alex
@RusselDias There is one thing I'd point out.. when you say *only you are able to manipulate it*, it is not 100% true. Anyone that can access your `tmp` folder can too (think shared hosts). It is a good idea to change the session save path http://php.net/manual/en/function.session-save-path.php
alex
@Alex Ah didn't know that. Thanks for the tip
Russell Dias
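
The concerns raised across this thread (a session id seen by someone else, ids passed in the URL, and session files readable in a shared `/tmp`) map onto a handful of PHP settings. The bootstrap below is an added example, not code from the thread; the save directory and the one-entry user table are constructed, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.3+ (array form of
// session_set_cookie_params). The directory and the user table are constructed.

// 1. Store session files in a private directory instead of the shared /tmp.
$savePath = dirname(__DIR__) . '/private_sessions';   // hypothetical, outside the web root
if (!is_dir($savePath)) {
    mkdir($savePath, 0700, true);
}
session_save_path($savePath);

// 2. Carry the id only in a cookie, never in the URL (no PHPSESSID GET var).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

// 3. Refuse ids the server did not issue itself.
ini_set('session.use_strict_mode', '1');

// 4. Keep the cookie off plain HTTP and away from page scripts.
session_set_cookie_params([
    'lifetime' => 0,        // ends when the browser closes
    'path'     => '/',
    'secure'   => true,     // sent over HTTPS only
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Constructed user table for the demo.
$users = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    session_regenerate_id(true);   // new id at login; the old session file is deleted
    $_SESSION['user'] = $name;
    return true;
}
```

Regenerating the id at login means an id handed out before authentication is no longer valid afterwards.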