What's actually stored on the server when using sessions? I've built a content management system on a commercial host, PHP 4.3.2, Apache 1.3.28, and use session_save_path() to specify a directory. When someone logs in, I check the username and password against the database, and save username as a session variable -- $valid_user = $username; session_register("valid_user"); If I examine the directory specified by session_save_path(), I see something like "sess_4f5d...0367". Where's the session variable "valid_user"? Is it an array element of "sess_whatever", or are session variables stored in memory with only the ID stored on the server?
A related question -- I thought that by specifying a directory with session_save_path(), the session data would not be subject to garbage collection. However, when I examine the directory specified, I don't see any creation dates more than 24 hours old, and I know there have been instances where the Mac OS X Entourage/Internet Explorer bug have caused sessions to fail, so the user never logged out, and session_unregister() and session_destroy() were never called for those sessions. Why aren't those sessions still listed in the sessions directory? Thanks for any insights. -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php