Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Session files are usually stored in, say, /tmp/ on the server, and named sess_{session_id}. I have been looking at the contents and cannot figure out how they really work.
Fetching the variable name and content from the file is easy. But how does PHP know what session belongs to whom?
The session_id seems totally random and one IP address can have several users, and each user can have several sessions if they have more than one browser window open.
So how does it work?
In the general situation :
PHPSESSID)The data in the sessions files is the content of
$_SESSION, serialized (ie, represented as a string — with a function such as serialize) ; and is un-serialized when the file is loaded by PHP, to populate the$_SESSIONarray.Sometimes, the session id is not stored in a cookie, but sent in URLs, too — but that’s quite rare, nowadays.
For more informations, you can take a look at the Session Handling section of the manual, that gives some useful informations.
For instance, there is a page about Passing the Session ID, which explains how the session id is passed from page to page, using a cookie, or in URLs — and which configuration options affect this.