Many question about Session. Please read and answer me.
I read article "Session Handling with PHP4" from zend.com and have many doubt with this article
1. "If the user disable cookies, the application can use other means of session propagation"
when i use session_start(); and session_register(); Is it automatic use cookie to save the session ID?
and if the user disable cookie, In article tell it use GET/POST, or the script path. and I doubt with it.
because session save ID in cookie. and if use GET/POST or script path method. how to save ID in these method.
and when i use these method Is i must config or edit file or other in mycomputer to
use session_start() and session_register();
2. "It use a cryptographically random session ID to identify user"
Can anyone explain and show example.
3. "if the session isn't start yet. When you start a session either way, PHP check whether a valid session ID exist."
How can PHP know if it found a Session ID. Is it valid.
4. "If you propagate the session ID via cookies, the default lifetime is 0, meaning that the cookie is delete
Is this mean close all window that open browser? for example I'm open 3 window. first window url is www.hello.com
the second and third window is blank window (about:blank) the first window use session that must type
username and password then the data will display. when I close first window. and i type www.hello.com in the
second window i can see the data without type username and password. So it mean session still work.
If I want destroy session when user close the window that use session but not close all window only www.hello.com
how can i set to destroy when close www.hello.com?
5. Follow from question 4 "You can influence the cookie's lifetime with the configuration value lifetime.
You can use the gc_maxlifetime configuration directive to determine how long after the last access to this
session the data should be destroyed. with the gc_maxlifetime, you should use gc_probability. This specifies
with what probability the garbage collection routine should be invoked. If gc_probability is 100, the cleanup is
performed on every request (that is, with a probability of 100%); if it's 1 as by default, old sessions will be
removed with a probability of 1% per request. "
Can anyone explain how to set and implement it.
6. "At the start of a session, a new ID may be created if the session is refuesd and marked as invalid because
the HTTP referer for the page comes from a non-local site and extern_referer_check (note the single "r") is
enabled in the PHP configuration."
I don't understand. Can anyone explain it easy for me.
7. I use Session by default use Cookie. but if the user diable cookie I must use Get/Post method with must configuration url that cookie not. I hove I know that Is user is enable cookie or disable cookie. Because 2 method use different configuration.
2) What do you care? All you need to know is that it is a unique id that cannot be duplicated. I think it takes the microtime(which is unique) and then adds a random number.
3) It checks to see if there is a session id stored on the server side that matches the one from the cookie stored on the client side or in SID. It is a very simple process.
4) All browser windows must be closed for the session to end. You can't get around that.
5) Those variables are in your php.ini file under the Sessions heading. You can change them to whatever you like.
6) Don't worry about it.
7) You can check to see if the user has cookies disabled by trying to set a cookie and reading it, and then pass SID in the url to your script if needed. Or, you can just assume all users have cookies disabled and pass SID in your url regardless.
3) Yes. php does not know if the user has cookies disabled, so sessions always try to set a cookie on the client side. If you use sessions, and thereby try to set a cookie client side, and pass a variable by query string, they are totally independent of each other.