FUDforum: comp.lang.php » session cookie: client side

Home » Imported messages » comp.lang.php » session cookie: client side

Show: Today's Messages :: Polls :: Message Navigator

Re: session cookie: client side [message #175899 is a reply to message #175892]

Fri, 04 November 2011 15:52

Denis McMahon
Messages: 634
Registered: September 2010

Karma:

Senior Member

On Fri, 04 Nov 2011 14:14:52 +0800, sl@exabyte wrote:

> I am a bit confused now.

Clearly.

> For example, using the Opera browser, a user can check a cookie value. I
> understand that this value is used to identify a user, ie I can read it.
> But other people, on LAN or internet, cannot read it because when I send
> data, the data is enrcypted via https.
>
> I suppose the cookie value is the Session ID.

A cookie value is whatever it is set to.

A single page can have multiple cookies with different names, values and
expiration times.

If you're trying to keep track of a session between web pages, there are
several approaches, of which using a session cookie is one.

However, any user when requesting a web page can generate any cookie name
with any data value that they like.

The "session cookie" in php is by default called "PHPSESSID" (it can be
defined locally to be called something else).

The session cookie is sent from the server to the browser when the php
function "session_start()" is called in php. This should be called in
every page that uses the session before any html code is sent to the
client.

When "session_start()" is called, it first looks to see if a cookie
matching the session cookie name was received in the http request.

If it was, and the session id in the cookie is current, the relevant
session data is placed in the $_SESSION[] superglobal. If the session id
was not valid, or no session cookie was received, a blank $_SESSION[]
superglobal is created and a session id is allocated.

Finally, the session cookie is sent back to the client as part of the
response.

The session cookie is only protected by encryption in an https session.
Sessions don't only happen with https, they can happen with http as well.

HTTP(S) are protocols for requests from a client to a server and
responses by a client.

Cookies are a type of data transferred in http(s) requests and responses.

The name, content and use of the any specific cookie has no bearing on or
relationship to the protocol used to carry it between the client and
server.

Rgds

Denis McMahon

Report message to a moderator

[Message index]

		session cookie: client side By: sl@exabyte on Thu, 03 November 2011 09:10
		Re: session cookie: client side By: Balazs Nadasdi on Thu, 03 November 2011 12:23
		Re: session cookie: client side By: sl@exabyte on Fri, 04 November 2011 06:14
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 11:55
		Re: session cookie: client side By: sl@exabyte on Fri, 04 November 2011 14:21
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 18:40
		Re: session cookie: client side By: Denis McMahon on Fri, 04 November 2011 15:53
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 18:41
		Re: session cookie: client side By: Denis McMahon on Fri, 04 November 2011 15:52

Previous Topic:	sqlite and php
Next Topic:	simple session question

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Oct 05 13:19:56 GMT 2024

Total time taken to generate the page: 0.05202 seconds