Re: [PHP] sessions without cookies *or* URLs

Sun, 06 Oct 2002 18:07:10 -0700 

Justin, et al --

...and then Justin French said...
% 
% I think you're under a little misconception about how sessions are used.

Perhaps.  I'm new to them :-)


% Maintaining a session is simply just having a unique identifier for each
% "user", so that the server can recognise the user from page to page,
% maintaining state.

Right.  And since it can recognize the user, it can store all sorts of
things for him, like the fact that he's been authenticated and what
function he did last and so on.  Right?


% 
% Typically this is done by passing a session id around in  he URL or cookies
% or POSTing forms.  A session ID is typically a long unique number -- that's
% it.

Right.  But it's the "in the URL or cookies" that's a problem for me.


% 
% 
% What you then do associate or register data TO that Session ID... this data
% is stored on the SERVER, and NOT passed around in the URL.

I understand enough that the data itself isn't in the URL, and that's
good (because some of these page comments get long!).


% 
% 
% So you pass around PHPSESSID=198235021612423 in the url or a cookie, and
% assign data to that session... all of which is stored server side.

Are those the only ways that I can pass it around?  Is there anything
else?  [Note that I've come to the conclusion that they are and there
isn't except perhaps a POST form, but I'd love to be pleasantly surprised.]


% 
% The session with the id 198235021612423 may have a username, password, shoe
% size, favourite colour, etc etc all attached to it, done with either:

Good deal; that's what I like.


% 
% $_SESSION['shoesize'] = "14"; // new register globals OFF method
% 
% or
% 
% $shoesize = "14";
% session_register("shoesize"); // old method

Right.


% 
% 
% Therefor, I can see no need for anything other than the session ID to be
% passed around in the URL.
% 
% Hope this clears it up!

It's a start; it confirms some of what I think I understand about
sessions.  Now if only I can get the session ID out of the URL without
using any cookies...  Any ideas, anyone?


% 
% 
% Justin French


TIA & HAND

:-D
-- 
David T-G                      * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Attachment: msg81311/pgp00000.pgp
Description: PGP signature

Reply via email to