Re: [PHP] sessions without cookies *or* URLs

Sun, 06 Oct 2002 05:04:29 -0700 

I think you're under a little misconception about how sessions are used.
Maintaining a session is simply just having a unique identifier for each
"user", so that the server can recognise the user from page to page,
maintaining state.

Typically this is done by passing a session id around in  he URL or cookies
or POSTing forms.  A session ID is typically a long unique number -- that's
it.


What you then do associate or register data TO that Session ID... this data
is stored on the SERVER, and NOT passed around in the URL.


So you pass around PHPSESSID=198235021612423 in the url or a cookie, and
assign data to that session... all of which is stored server side.

The session with the id 198235021612423 may have a username, password, shoe
size, favourite colour, etc etc all attached to it, done with either:

$_SESSION['shoesize'] = "14"; // new register globals OFF method

or

$shoesize = "14";
session_register("shoesize"); // old method


Therefor, I can see no need for anything other than the session ID to be
passed around in the URL.

Hope this clears it up!


Justin French







on 06/10/02 9:26 PM, David T-G ([EMAIL PROTECTED]) wrote:

> Hi, all --
> 
> I've seen a recent flurry of discussion on sessions, and that's good;
> lovely how that has shown up just as I need to dig into sessions.  I
> think I've come to understand, though, that you can't manage sessions
> without either URL extensions or cookies, and that's bad (for me, at
> least).
> 
> Is that a correct understanding?  It seems that using forms to pass the
> session token would work, but that means having all buttons instead of
> links, which has its own disadvantages.  Is there any other way to get
> data to the server?
> 
> We currently use the URL to pass variables but we don't want to hang the
> page password out there :-) and so we have to maove away from that somehow,
> and it would be nice if we could get away from URL mangling entirely.
> Cookies aren't an option, though.
> 
> 
> TIA & HAND
> 
> :-D


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to