I would like to know where PHP session data is saved; is it in client browser? or on the server?
When I disable cookies in my browser setting, PHP can't save session data, but in php.ini
, I can change the session save path.
Is session data stored on the server or client browser?
The session data that you read and write using $_SESSION
is stored on server side, usually in text files in a temporary directory. They can not be accessed from outside.
The thing connecting a session to a client browser is the session ID, which is usually stored in a cookie (see the comments for exceptions to that rule). This ID is, and should be, the only thing about your session that is stored on client side.
If you delete the cookie in the browser, the connection to that session is lost, even if the file on the server continues to exist for some time.
The session.save_path
variable influences the location on the server where the session data is stored. If you are not the server's administrator, it is usually not necessary to change it.
If cookies are disabled, the session ID is appended to all page requests.
@Martijn That is not the default behaviour of session. This need some more code stuff to be done in your side
Correct, and if cookies are not available, the session ID is passed through URLs and hidden form inputs. This is handled automatically by PHP. See php.net/manual/en/session.idpassing.php
@Shakti not necessarily.
session.use_trans_sid
rewrites your HTML output to add the session ID automagically. It just doesn't always work, e.g. with Javascript.@Shakti Singh please READ my comment and the URL I provide, most of the work is done by PHP.