Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Do PHP sessions set any cookies?

I only manually set one cookie on my social network site, but I rely heavily on php sessions. I am wondering if sessions set any cookies behind the scenes?

I was just reading up on HttpOnly-cookies and I am just trying to figure out if I can use them.

like image 204
JasonDavis Avatar asked Sep 04 '09 00:09

JasonDavis


People also ask

Can PHP session work without browser cookies?

You can also login without Cookies only by Session Id and Time, but you have to write them both in your Database direct after Successful Login. I have in index. php something like this that will always generate a new session id based on time and the old session id if conditions are not verified.

Do sessions use cookies?

Yes, Session management is done using a kind of session-id i.e. cookies. cookies maintained in the browser help backend to identify users.

Is PHP session id a cookie?

PHP sessions is an alternative to the standard cookie approach. It's still a cookie, but it's called PHPSESSID and is typically stored in the /tmp/ directory on the web server itself.

How PHP session is different from cookies?

The main difference between a session and a cookie is that session data is stored on the server, whereas cookies store data in the visitor's browser. Sessions are more secure than cookies as it is stored in server.


1 Answers

PHP sessions can use cookies depending on how you configure them. Have a look at these settings:

  • session.use_cookies (boolean): specifies whether the module will use cookies to store the session id on the client side. Defaults to 1 (enabled).
  • session.use_only_cookies (boolean): specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 5.3.0.

If you disable session cookies, a GET parameter is used instead.

like image 90
Ayman Hourieh Avatar answered Sep 23 '22 12:09

Ayman Hourieh