For those that are quite familiar with PHP, maybe you can give me concrete advice on this.
If I wanted to use sessions to store a particular ID for each login, but only for the period of time the person stayed logged in, would I be better off using session management to store the ID in a MySQL db or a file of some sort?
Also, are there any advantages to using one over the other?
The problem with a file is it could be easily intercepted if you are on a shared server (and that could obviously be bad).
If you are on a shared server I would go with a db; if you are on your own server, store a file in a non-web directory and hope that no one hacks you.
NB: If you are a bank or something, disregard my comments.
I am not sure why you need additional storage methods when using session management?
With session management in PHP, it will monitor the visitor moving from one page to another, so if you call session_start() at the beginning, those registered vars will be available to access/check for authorization.
I believe the session management itself has several methods to store the session info. (cookie, session id, temp db, or temp text file)
The session id isn't a method of storing the session by itself; it's just passed on the URL when you're not using cookies, and then used to store the session in the right text file or database.
If the server supports transparent sessionID, you don't need to pass it with the URL.
Check out phpinfo() for details of that feature.