How Session Works?

Can anybody explain to me how sessions work in PHP? For example, 3 users are logged into Gmail. How does the server identify these 3 users? What are the internal processes behind that?


Sessions are made up of two components, a client-side session ID and server-side session data. Clients can send a session ID to the server as a URL param, cookie, or even HTTP headers. The server then uses this session ID to find the appropriate session data to return to the client.

You can tweak session behavior via the various session_ functions.


Sessions are a combination of server-side session data and a client-side cookie, with the client-side cookie containing nothing other than a reference to the correct data on the server. Thus, when the user visits the site, their browser sends the reference code to the server, which loads the corresponding data.

This may seem a bit clumsier than just having a client-side cookie with all your data in, but there are a few advantages:

  • Your server-side session data can contain very large amounts of data with no hassle - client-side cookies are limited in size
  • Your client-side cookie contains nothing other than a small reference code - as this cookie is passed each time someone visits a page on your site, you are saving a lot of bandwidth by not transferring large client-side cookies around
  • Session data is much more secure - only you are able to manipulate it, as opposed to client-side cookies which are editable by all

It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer. However, other than the above, there is not much difference between session data and cookie data for most purposes.

The following is a very good article which explains how sessions and cookies work within PHP.


Sessions are very straightforward.

When I log in to your site, PHP will set a standard browser cookie with a "session ID" — usually an alphanumeric string like 63f1a67cf52b5d2bbd0cbef45e18b242.

As with all cookies, my browser will send that cookie back to your server with every request I make. Thus, your application now knows that every request that comes with a session ID of 63f1a67cf52b5d2bbd0cbef45e18b242 comes from me.

Thus, if you need to store any information about me, you can keep track of it under 63f1a67cf52b5d2bbd0cbef45e18b242. By default, PHP stores this information in files in the /tmp/ directory, though you can override that and store it anywhere you like (e.g., in a database). What matters is associating that session ID with a particular user.

I don't want to oversimplify things. There are some concerns (like, what if an intruder sees my unencrypted session ID and starts using it himself — he could conceivably start masquerading as me), and there are some ways to alleviate those concerns. But the basic mechanism of storing a session ID in a cookie and using that to identify information about me stored on the server is pretty universal.
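One way to address the stolen or planted session ID concern raised above, as an added example that is not part of the original answer. The function names start_secure_session, on_login and require_active_login are hypothetical, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not from the original page.
function start_secure_session(): void
{
    // Refuse session IDs the server did not issue (session fixation).
    ini_set('session.use_strict_mode', '1');
    // Take the ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // HTTPS only, so the ID never crosses the wire in clear text
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);
    session_start();
}

function on_login(int $userId): void
{
    // Issue a new ID at the privilege change and delete the old session data,
    // so an ID observed or planted before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_seen'] = time();
}

// Call on pages that require a logged-in user; returns false if the session expired.
function require_active_login(int $maxIdleSeconds = 1800): bool
{
    $last = $_SESSION['last_seen'] ?? null;
    if ($last === null || time() - $last > $maxIdleSeconds) {
        // Server-side expiry: wipe the data and expire the cookie.
        $_SESSION = [];
        session_destroy();
        setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```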


Gmail uses Python I think, not PHP.

PHP by default writes its sessions to the /tmp directory. It can be configured to store the sessions in the database.

It identifies the sessions via a cookie, but can also be configured to pass a query string but it is very ugly.


How Does PHP Session Works

  • First, PHP creates a unique identifier (a random string of 32 hexadecimal numbers, e.g. 3c7foj34c3jj973hjkop2fc937e3443) for an individual session.

  • The PHPSESSID cookie passes that unique identification number to the user's browser, which saves it.

  • A new file is created on the server with the same name as the unique identification number, with a sess_ prefix (i.e. sess_3c7foj34c3jj973hjkop2fc937e3443).

  • The web browser sends that cookie to the server with each request.

  • If PHP gets that unique identification number from the PHPSESSID cookie (on each request), PHP searches the temporary directory and compares that number with the file name. If both are the same, it retrieves the existing session; otherwise it creates a new session for that user.

A session is destroyed when the user closes the browser or leaves the site. The server also terminates the session after a predetermined period of session time. This is the simple mechanism PHP uses to handle sessions. I hope this article will help you to understand how PHP sessions work.

See this article for more details. How Does PHP Session Works
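The file-based lookup in the steps above can be watched from the PHP command line. This is an added example, not code from the answer or the linked article; the temporary directory and the stored value 'alice' are constructed, and cookies are turned off because there is no browser, so the script carries the ID between the two simulated requests itself.

```php
<?php
// Added example (constructed data). Run from the command line: php session_demo.php
// Output is collected and printed at the end so no session call runs after output.
$out = [];

// Private, empty directory to hold this demo's session files.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
session_save_path($dir);
ini_set('session.use_cookies', '0'); // no browser here: the ID is passed by hand

// "Request 1": no ID is presented, so PHP generates one and creates the file.
session_start();
$id = session_id();
$_SESSION['user'] = 'alice';
session_write_close(); // flushes the data to $dir/sess_<id>

$file = $dir . '/sess_' . $id;
$out[] = 'session id:     ' . $id;
$out[] = 'file on server: ' . basename($file) . (is_file($file) ? ' (exists)' : ' (missing)');
// With the default serialize handler the file holds: user|s:5:"alice";
$out[] = 'file contents:  ' . file_get_contents($file);

// "Request 2": the client presents the same ID, as the PHPSESSID cookie would.
$_SESSION = [];
session_id($id);
session_start();
$out[] = 'restored user:  ' . ($_SESSION['user'] ?? '(none)');

// Clean up: destroying the session deletes its file, then remove the directory.
session_destroy();
rmdir($dir);

echo implode("\n", $out), "\n";
```

Anyone who can read that file or learn the ID can resume the session, which is why the save path should not be shared between users on the same host.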


When you open a web page (a URL) for the first time, your browser sends a request to that server. At this point the header does not contain any cookie or session. Then, after the server responds to the web browser (user agent), the server might send a cookie or session, and the browser saves them for the next request.

Now, when reloading the page, the browser sends the cookie back to the server (contained in the header of the request); the server can then access it and validate it.

For the session: it's a temporary cookie that will be terminated after the window is closed.

PHP SESSION: PHP uses a session cookie for one key-value pair named PHPSESSID; the server depends on the value of this key, finding the equivalent key-value pair using the value of PHPSESSID. This approach prevents some kinds of attack, like decrypting the actual values of a cookie, because a cookie saves all key-value pairs on the client's PC where they can be seen, while a session depends on one key-value pair.


The session_start() function is defined at the top of the header... this will generate a unique number. A session is the way to communicate with the server. Sessions are stored on the server side and the client side. The browser stores the session in a tmp file or cookies.

Cookies keep the session name and value; they do not hold the session data. The data is kept by the session on the server side. When the client sends a request to the server, the server gets the session ID and returns the data to the client. The session_id is generated on the server side, and the session_id is the way to identify where the request comes from.


A cookie.
Or a parameter in the URL. And this internet process is called the HTTP protocol.


The session_start( ) function generates a random session ID and stores it in a cookie on the user's computer (this is the only session information that is actually stored on the client side). The default name for the cookie is PHPSESSID, although this can be changed in the PHP configuration files on the server (most hosting companies will leave it alone, however). To reference the session ID in your PHP code, you would therefore reference the variable $PHPSESSID (it's a cookie name; remember that from Cookies?). Your sharp mind may be wondering what happens when you come to the second pass through your page and reach the session_start( ) function again. PHP knows that there is already a session in progress and so ignores subsequent instances of session_start( ).
