Substituting $_SESSION with other superglobals

[ala888]

Why cant I just use something else like another superglobal ? Set a random variable, and check that random variable

or is it just by definition - set in stone by some PHP dudes in a white labcoat?

Edited July 4, 2014 by ala888

[Don E]

If you want to remember a value or whatever it may be on a website no matter what page you're on for that particular website, $_SESSION is an option. $_COOKIE is another option but if you're going to have sensitive data, probably best stored in $_SESSIONs instead of cookie.

 

The reason why imo substituting sessions for other super globals is not good idea is because sessions and their data are stored on the server per user. This is mainly why it's recommended to use sessions when dealing with sensitive data that needs remembering for that users' visit/time on the site. They are short lived too. If/when user closes the browser, they are destroyed.

 

So not sure how you can use something else besides cookies that's similar to sessions that were set in stone most likely by the PHP dudes in white lab coats.

[justsomeguy]

Why cant I just use something else like another superglobal ? Set a random variable, and check that random variable

Because every request to PHP is independent, it is a completely different PHP process on the server. They do not share memory or anything else. The reason sessions work is because, usually, when you start a session the server sends a session identifier cookie to the browser. When the browser makes future requests, it sends the session ID back to the server, and PHP looks up the session with that ID and makes the values available in $_SESSION. Everything else is completely separate. It is like, for each request, a new php.exe runs to handle just that one request. There's not a single PHP thread always running on the server that handles every request, in reality every request is completely separate from all other requests. That's not even something to do with PHP, that's how HTTP works in general. HTTP is a stateless protocol. Things like cookies were added as a way to share data between HTTP requests.