Pekka
2011-04-08 18:20:13
The session data that you read and write using $_SESSION is stored on server side, usually in text files in a temporary directory. They can not be accessed from outside.
The thing connecting a session to a client browser is the session ID, which is usually stored in a cookie (see the comments for exceptions to that rule). This ID is, and should be, the only thing about your session that is stored on client side.
If you delete the cookie in the browser, the connection to that session is lost, even if the file on the server continues to exist for some time.
The session.save_path variable influences the location on the server where the session data is stored. If you are not the server's administrator, it is usually not necessary to change it.
If cookies are disabled, the session ID is appended to all page requests.
@Martijn That is not the default behaviour of session. This need some more code stuff to be done in your side
Correct, and if cookies are not available, the session ID is passed through URLs and hidden form inputs. This is handled automatically by PHP. See php.net/manual/en/session.idpassing.php
@Shakti not necessarily.
session.use_trans_sidrewrites your HTML output to add the session ID automagically. It just doesn't always work, e.g. with Javascript.@Shakti Singh please READ my comment and the URL I provide, most of the work is done by PHP.