At 08:47 24.11.2002, Jean-Christian Imbeault said: --------------------[snip]-------------------- >Ernest E Vogelsinger wrote: > > >> if ($_COOKIE[$_SESSION['cookie_name']] == $_SESSION['cookie_token']) { > >Ok, please forgive my ignorance, but in PHP isn't $_COOKIES the same as >$_SESSION?. I thought it was if the user had cookies turned off (and >even if the user had cookies turned on come to think of it) ... If not >I'm in trouble. > >I was always under the impression that $_SESSION vars were passed as >cookies ... --------------------[snip]--------------------
No, that's a misunderstanding. Session var's are never passed to and from the client, only the session _name_ is passed, either via a cookie (PHPSESSIONID) or via trans-sid href encoding. Session vars are kept server-side in session storage, which is (by default) a file located in the directory where session.save_path is pointing to. The default file name is sess_<session-identifier>. The client only transmits the session identifier so the server is able to correlate a session to a particular request. What I did for this particular application was to extend the system with a cookie that's programmatically sent, using a random cookie name and a random cookie content. Thus I am able to distinguish between multiple logical sessions using the same session identifier, a scenario that could happen when a URL containing a trans-sid has been bookmarked or transfered, or when the client had opened a new window within the same session and continued in "split mode". Whatever the client passes to PHP as a cookie you can access in the $_COOKIES array. Whatever PHP has stored in session storage can be accessed in the $_SESSION array. They are quite different. -- >O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php