PHP – Terms – Session


- Info:

  - Sessions were introduced to turn the stateless HTTP protocol into a stateful one.

  - Stateless means that data is not stored between HTTP requests.

    Each HTTP request has no knowledge of previous requests.

  - Stateful means that data is stored between HTTP requests.

    Each HTTP request can use data that resulted from previous requests.


- Cookies:

  - Initially, user data was stored on the client computer as cookies.

  - With each HTTP request, a cookie was sent containing data that resulted from previous requests.

  - But a single cookie could store only a limited amount of data, which is why sessions were introduced.

  - Cookies still play a major role in session handling, since the cookie contains the session ID.

  - This ID is sent to the server with each HTTP request.

  - There it is used to identify the data stored on the server for that specific user.

  - Cookies are persistent between sessions; they are not lost once you leave the web site.

  - The client can disable cookies, so another way of sending the session ID was introduced, called URL rewriting.

  - The session ID from a cookie can be easily retrieved using:




- URL rewriting:

  - If cookies are disabled on the client computer you can use URL rewriting.

  - URL rewriting involves appending the session ID to every local URL found on the web page.

  - This way, every time the user clicks on a link the session ID is sent as part of the HTTP request.

  - The drawback is that once the user leaves your site the session ID is lost; it is not persistent between sessions.

  - Also, if someone sends their URL to another person, two people using the same session ID might cause problems.

  - The session ID from URL rewriting can be easily retrieved using:



- Storage:

  - PHP can be configured to store session data in 4 different ways, defined through the session.save_handler directive:

    session.save_handler = files|mm|sqlite|user

  - Session data can be stored in flat files, memory, an SQLite DB, or through user-defined functions.


- Storage – File:

  - If you set session.save_handler=files you also have to set session.save_path.

  - session.save_path defines the directory where the files should be created, like this (default is /tmp):

    session.save_path = /tmp


- Session – Enable:

  - To enable automatic session handling for a single page, call:


  - To enable sessions for the complete site you can use:

    session.auto_start = 0|1

    The drawback of enabling this directive is that it prohibits you from storing objects within sessions, because the class definition would need to be loaded prior to starting the session in order for the objects to be re-created.


- Session – Name:

  - By default PHP will use a session name of PHPSESSID.

  - You can change this using the following directive:

    session.name = SID


- Session – Allow Cookies:

  - Use of cookies can be automatically activated using the following directive:

    session.use_cookies = 1

  - This will automatically call setcookie() in your script.


- Session – Allow URL Rewriting:

  - To activate automatic handling of URL rewriting, enable the following directive:

    session.use_trans_sid = 1

  - This will automatically append $SID to each URL.


- Session – Cookie Lifetime:

  - The default cookie lifetime is defined through the following directive, in seconds (3600 = 1 hour):

    session.cookie_lifetime = 3600


- Session – Cookie URL Path:

  - To define the path in which the cookie is considered valid, use the following directive:

    session.cookie_path = /         (Entire Web Site)

    session.cookie_path = /books     (http://www.ivoronline.com/books/)

  - The cookie is also valid for all child directories falling under this path.


- Session – Cookie domain:

  - To define the domain for which the cookie is considered valid, use the following directive:

    session.cookie_domain = www.ivoronline.com

  - If you’d like a session to be made available to site subdomains like people.ivoronline.com, use this:

    session.cookie_domain = .ivoronline.com


- Session – Validate using referer:

  - Using URL rewriting opens up the possibility that a particular session state could be viewed by numerous individuals simply by copying and disseminating a URL.

  - The session.referer_check directive lessens this possibility by specifying a substring that each referrer is validated against.

    session.referer_check = ivoronline
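
The URL-sharing risk described above can be checked for in configuration. The following is an added example, not part of the original notes: it audits the directives covered here for settings that let the session ID travel in a URL. The helper name audit_session_ini and the sample values are constructed; session.use_only_cookies is a real PHP directive that the notes do not list.

```php
<?php
// Added example (not from the original notes): flag session settings that
// let the session ID travel in a URL or widen the cookie's scope.
// audit_session_ini() is a hypothetical helper name.

function audit_session_ini(array $ini): array
{
    // Missing keys are treated as "off"; accepts 1/0, On/Off, true/false.
    $on = function (string $key) use ($ini): bool {
        return filter_var($ini[$key] ?? '0', FILTER_VALIDATE_BOOLEAN);
    };
    $findings = [];

    if ($on('session.use_trans_sid')) {
        $findings[] = 'use_trans_sid on: ID is written into links and leaks when a URL is shared';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'use_only_cookies off: a session ID supplied in the URL is accepted';
    }
    if (!$on('session.use_cookies')) {
        $findings[] = 'use_cookies off: the URL is the only carrier left for the ID';
    }
    $domain = (string) ($ini['session.cookie_domain'] ?? '');
    if ($domain !== '' && $domain[0] === '.') {
        $findings[] = "cookie_domain {$domain}: cookie is sent to every subdomain";
    }
    return $findings;
}

// Constructed sample values: the URL-rewriting setup next to a cookie-only one.
$weak = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '0',
    'session.use_trans_sid'    => '1',
    'session.cookie_domain'    => '.example.test',
];
$hardened = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '1',
    'session.use_trans_sid'    => '0',
    'session.cookie_domain'    => 'www.example.test',
];
// Values of the interpreter running this script.
$live = array_combine(array_keys($weak), array_map('ini_get', array_keys($weak)));

foreach (['weak' => $weak, 'hardened' => $hardened, 'live' => $live] as $name => $ini) {
    $found = audit_session_ini($ini);
    echo $name, ': ', $found ? implode('; ', $found) : 'no findings', PHP_EOL;
}
```

session.referer_check is not audited here because the Referer header is supplied by the client, so it should not be the only control when URL rewriting is enabled.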