2009/2/7 Paul M Foster <pa...@quillandmouse.com>: > I'm not too clear on HTTP headers, cookies, and such. So here are > questions related to that. Let's say I generate a random number that I > want the user to enter in a form. When I generate the number, I store it > in a session variable ($_SESSION). When the user submits the form, I > check the number they enter with what I've stored in the session > variable. > > Since this session variable survives across page loads (assuming > session_start() is appropriately called), how is it stored and recalled? > > Is it automatically stored as a cookie on the user's system? > > Or is it stored on the server? > > And how does a server "get" a cookie? > > Is it a separate request made by the server to the client? > > If the value I've asked the user for is *not* stored as a cookie, then > is it passed as part of the HTTP submission or what? > > Thanks for any enlightenment on this.
Session data is stored on the server and tied to a browser using a cookie. The cookie contains a random string which uniquely identifies a session on the server. The session_start() function handles all the details of setting and maintaining that cookie and managing the server-side data. Cookies are transferred between client and server with every request in the headers. If you don't have Firefox getfirefox.com. The google for the livehttpheaders addon and install that. Turn it on and browse your site. You will see the cookies in the headers of both requests and responses. Cookies are not stored on the server side, they are sent by the client with each request. No additional HTTP requests are involved when using sessions. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
