I've tried to research this mechanism but only find hints and these are not very consistent. How is the session _id sent to the browser and how is the browser instructed to return it when the user requests a new page?
Thanks, Chris
Sessions in PHP normally do use cookies to function. But, PHP sessions can also work without cookies in case cookies are disabled or rejected by the browser that the PHP server is trying to communicate with.
Yes. PHP sessions rely on a cookie containing a session key. Your session data are stored only on your server, but a unique ID is assigned to each session and that ID gets saved in a cookie.
Here are some examples of what happens if you block all cookies: You may not be able to automatically sign in to a site because your saved username and password is deleted. Some web pages or features won't function. You may see a message on websites asking you to enable cookies for it to load.
If its a public session then yes, you can use no cookies session.
PHP will do 2 things:
<form>
opening tags.Note that this is a dangerous thing to do, because anyone who you e.g. copy/paste a URL to containing an PHPSESSID parameter will be able to share your login session on the site - the webserver has no easy way of telling that you are different from the person you sent the link to...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With