I looked this up a while ago and it was and still is quite vague to me. I’d like to know if the following things about sessions are correct when I use this: $_SESSION['username'] = "pete";
$_SESSIONis a global variable that can only be changed on the server- When
$_SESSION['username']is declared a cookie will be set on the client-side - This means the client can view the data but not edit it
- When
$_SESSION['username']is declared a cookie will be set on the server-side as well
If the third statement is true then why cant I find the cookie with the username inside it if I log in? I do find a session cookie but it contains a code like tkcsq66lucpra9m7j3ogqol5h7. Not quite a name now is it?
It’s a super-global … but one that is populated with saved data between executions of scripts.
No. A cookie (unless the settings have been fiddled with) will be created when the session is started
No. The cookie contains the session id, not the data
Cookies are stored only on the client. Data will be stored on the server, and will be associated with an identifier that is stored in the cookie sent to the browser.
It isn’t true.
That’s the identifier.
If you were building a session system yourself (instead of using PHP’s built in library for it) then you might store something like this in a database:
The session library can then populate
$_SESSIONwith"username" => "pete"when a session is started and it receives a cookie withsessionId=tkcsq66lucpra9m7j3ogqol5h7in it.PHP’s built in system isn’t so cheap and nasty (and does it transparently so you don’t need to worry about the implementation details).