Can anybody explain to me how sessions work in PHP? For example, 3 users are logged into Gmail. How does the server identify these 3 users? What are the internal processes behind that?
Gmail uses Python I think, not PHP.
PHP by default writes its sessions to the /tmp directory. It can be configured to store the sessions in the database.
It identifies the sessions via a cookie, but can also be configured to pass a query string, but it is very ugly.
Sessions are made up of two components:
a) Cookie
b) Server-side session data
The cookie usually contains a session id, which references where on the server to get the session data from. The server then uses this session id to fetch the data from the server which is contained inside of a file that has the matching name as the session id.
You can tweak session behavior via the various session_ functions.
A cookie.
Or a parameter in the url.
And this internet process is called HTTP protocol.
Sessions are very straightforward.
When I log in to your site, PHP will set a standard browser cookie with a "session ID" — usually an alphanumeric string like 63f1a67cf52b5d2bbd0cbef45e18b242.
As with all cookies, my browser will send that cookie back to your server with every request I make. Thus, your application now knows that every request that comes with a session ID of 63f1a67cf52b5d2bbd0cbef45e18b242 comes from me.
Thus, if you need to store any information about me, you can keep track of it under 63f1a67cf52b5d2bbd0cbef45e18b242. By default, PHP stores this information in files in the /tmp/ directory, though you can override that and store it anywhere you like (e.g., in a database). What matters is associating that session ID with a particular user.
I don't want to oversimplify things. There are some concerns (like, what if an intruder sees my unencrypted session ID and starts using it himself — he could conceivably start masquerading as me), and there are some ways to alleviate those concerns. But the basic mechanism of storing a session ID in a cookie and using that to identify information about me stored on the server is pretty universal.
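The cookie-to-server-data mechanism described in the answers above, with the usual mitigations for a stolen or planted session ID, as an added example that is not code from any of the posters. It assumes PHP 7.3 or later served over HTTPS; the `alice` account, its password, and the function names `start_secure_session`, `log_in` and `current_user` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo account; a real application checks its own user store.
$demoUsers = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

function start_secure_session(): void
{
    // With the default "files" handler, the data for each ID lives in a
    // file named sess_<id> under session.save_path.
    session_start([
        'use_strict_mode'  => 1,     // refuse IDs this server never issued
        'use_only_cookies' => 1,     // ignore session IDs passed in the URL
        'use_trans_sid'    => 0,     // never rewrite links to carry the ID
        'cookie_httponly'  => 1,     // keep the cookie away from page scripts
        'cookie_secure'    => 1,     // HTTPS only, so the ID is not sent in clear
        'cookie_samesite'  => 'Lax', // limit cross-site sending of the cookie
    ]);
}

function log_in(string $user): void
{
    // Issue a fresh ID at login and delete the old data file, so an ID
    // observed or planted before authentication stops working.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();
}

function current_user(int $idleLimit = 1800): ?string
{
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;                 // no login recorded under this ID
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        $_SESSION = [];              // idle too long: drop the server-side data
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

start_secure_session();
$user = (string) filter_input(INPUT_POST, 'user');
$pass = (string) filter_input(INPUT_POST, 'pass');
if (isset($demoUsers[$user]) && password_verify($pass, $demoUsers[$user])) {
    log_in($user);
}
header('Content-Type: text/plain');
echo current_user() ?? 'anonymous', "\n";
```

Each browser that requests this script gets its own session ID cookie, so three logged-in users map to three separate server-side records, and the ID each one holds changes at the moment of login.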
Sessions are a combination of a server-side session data and a client-side cookie, with the client-side cookie containing nothing other than a reference to the correct data on the server. Thus, when the user visits the site, their browser sends the reference code to the server, which loads the corresponding data.
This may seem a bit clumsier than just having a client-side cookie with all your data in, but there are a few advantages:
- Your server-side session data can contain very large amounts of data with no hassle - client-side cookies are limited in size
- Your client-side cookie contains nothing other than a small reference code - as this cookie is passed each time someone visits a page on your site, you are saving a lot of bandwidth by not transferring large client-side cookies around
- Session data is much more secure - only you are able to manipulate it, as opposed to client-side cookies which are editable by all
It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer. However, other than the above, there is not much difference between session data and cookie data for most purposes.
The following is a very good article which explains how sessions and cookies work within PHP.