on 21/02/03 5:34 AM, Joseph Bannon ([EMAIL PROTECTED]) wrote:

> I'm starting to use sessions for my website and wanted
> to know some things before I fully commit to use them.
>
> 1) How are sessions different from cookies other than
> where the information is stored?

A session is just a method of maintaining state (i.e., a way of recognising the same browser/client on each request). One of the methods for maintaining this state is cookies, the other is by passing a SID around in the URL.

In the case of cookies, the ONLY data being stored client side is a session ID... if you choose to *entirely* manage your session via cookies, then you'd have to store more data on the client side cookies (uid, pass, preferences, etc).

> 2) Does session data stored on the server
> automatically delete after a certain time?

Yes. There's a lifetime setting (seconds), and there's a garbage cleanout routine. Once the garbage probability has been triggered AND the session lifetime has expired, THEN it gets deleted.

> 3) Is a session id created for each user per each
> browser or just per each user?

Each BROWSER/CLIENT... in the case of cookie based sessions, the cookie is set on the browser, containing a session id...

Yes, the user could spoof the cookie on another machine and continue the session, but I doubt that was your question.

Same with URLs -- the session is passed around via URL, the user *could* grab the SID out of the URL, and append it to another URL on another browser/machine.

Justin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
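
The points in the reply above (session ID carried by cookie or URL, and deletion that depends on both the lifetime and the garbage-collection probability) are shown here as an added example that is not part of the original thread. It assumes PHP 7.3 or later and an HTTPS site; IDLE_LIMIT, the 'last_seen' and 'uid' keys, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
const IDLE_LIMIT = 1800; // idle lifetime in seconds (assumed value)

const SESSION_OPTIONS = [
    'use_only_cookies' => 1,      // never accept a SID passed in the URL
    'use_trans_sid'    => 0,      // never rewrite links to carry the SID
    'use_strict_mode'  => 1,      // reject IDs the server did not issue
    'cookie_httponly'  => 1,      // keep the cookie away from page scripts
    'cookie_secure'    => 1,      // send the cookie over HTTPS only
    'cookie_samesite'  => 'Lax',
    'gc_maxlifetime'   => IDLE_LIMIT,
];

function start_hardened_session(): void
{
    session_start(SESSION_OPTIONS);

    // Garbage collection only runs with some probability per request, so a
    // session past its lifetime may still exist on the server. Enforce the
    // lifetime on every request instead of relying on the cleanout routine.
    $now = time();
    $lastSeen = $_SESSION['last_seen'] ?? null;
    if ($lastSeen !== null && ($now - $lastSeen) > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // delete the old record, issue a new ID
    }
    $_SESSION['last_seen'] = $now;
}

function mark_logged_in(int $uid): void
{
    // Issue a fresh ID at the privilege change so an ID that was known
    // before login does not identify the authenticated session.
    session_regenerate_id(true);
    $_SESSION['uid'] = $uid;
    $_SESSION['last_seen'] = time();
}

// Typical use at the top of each request (commented out so the file can be
// included without side effects):
// start_hardened_session();
// if ($credentialsOk) { mark_logged_in($userId); }
```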