Jump to content

session cookie


jimfog

Recommended Posts

there is something I do not understand about session cookies....to destroy it we set a past expiry date.

 

By default though when the session cookie is sent to the browser it has a ...1981 expiry date.

 

After a web search I found that this is for preventing caching the response....

 

 

So what is going on here?

Link to comment
Share on other sites

yes...and the session cookie has a past date by default...

 

Having said the above is there any point when logging out using setcookie() to set an expiry date in the past(for the session cookie)....since it has already a past expiry date.

Link to comment
Share on other sites

I have 2 more questions....

  1. Am I right to assume that setting the date is useful in the "remember me" feature only?
  2. Is there any point using session_start() on the login page of a website....the user has not yet logged in....or it depends the content of the login page?

Link to comment
Share on other sites

Am I right to assume that setting the date is useful in the "remember me" feature only?

Not for session cookies. The server is eventually going to delete the session data regardless of what happens with the cookie.

Is there any point using session_start() on the login page of a website....the user has not yet logged in....or it depends the content of the login page?

I use session_start on every page. I would ask is there any point to not having a session.
Link to comment
Share on other sites

The "session" used by session_start() is not the same as a user's login session. The session is simply a way to have the same variables available on multiple pages, whether they're logged in or not, you need a session to remember things.

Link to comment
Share on other sites

The "session" used by session_start() is not the same as a user's login session. The session is simply a way to have the same variables available on multiple pages, whether they're logged in or not, you need a session to remember things.

I do not understand...what exactly is the session used by session_start()....in contrast with the user's login session.
Link to comment
Share on other sites

Like I said, in PHP a "session" is just a place to store variables so that they are accessible on multiple different pages. I don't know how to put it in simpler terms.

Link to comment
Share on other sites

I'll try and illustrate: Per user that visits, when you have session_start(), a "session" is started/created for that user. So if any session variables are set like: $_SESSION['username'] or/and $_SESSION['loginStatus'], those variables contain values that are distinct for that user during his/her "session".

 

So, you can say for example for "user's login session" like this: 'What is the users' login STATUS, which the status is stored in the variable $_SESSION['loginStatus'] for the current "session" for that user, that was started by session_start() ?'

 

Hope this understands.

Link to comment
Share on other sites

And to be clear, a user doesn't have to be logged in or anything to have a PHP session. You can use $_SESSION with any users browsing session

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...