It brings up another question, though. Let's say that I have a
session_start() call at the beginning of a bunch of pages. So that each
time one of these pages is called, the call is made to session_start().
It seems like it would screw things up royally if each call to
session_start() generated a new SID. The browser sends an SID cookie to
the server on page request. And if the page has a session_start() call
at the beginning of it, is it reasonable to assume that the server will
not generate a new SID, but instead use the one sent in the HTTP request
to find its session information? (Assuming the timeout hasn't expired,
the user is still using the same instance of the browser, etc.)
Similarly, if an SID *isn't* sent by the browser, then a call to
session_start() at the beginning of the page *will* generate a
completely new SID, right?


Correct.

Easy test:

<?php

session_start();
echo "sess id: " . session_id();

visit the page in your browser, refresh a couple of times (id will be the same).

Clear the cookies in your browser, refresh - new id.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to