What's actually stored on the server when using sessions?
I've built a content management system on a commercial host, PHP 4.3.2,
Apache 1.3.28, and use session_save_path() to specify a directory. When
someone logs in, I check the username and password against the database, and
save username as a session variable -- $valid_user = $username;
session_register("valid_user"); If I examine the directory specified by
session_save_path(), I see something like "sess_4f5d...0367". Where's the
session variable "valid_user"? Is it an array element of "sess_whatever", or
are session variables stored in memory with only the ID stored on the
server?
A related question -- I thought that by specifying a directory with
session_save_path(), the session data would not be subject to garbage
collection. However, when I examine the directory specified, I don't see any
creation dates more than 24 hours old, and I know there have been instances
where the Mac OS X Entourage/Internet Explorer bug have caused sessions to
fail, so the user never logged out, and session_unregister() and
session_destroy() were never called for those sessions. Why aren't those
sessions still listed in the sessions directory?
Thanks for any insights.
--
Lowell Allen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
