jimfog Posted August 11, 2015 Share Posted August 11, 2015 there is something I do not understand about session cookies....to destroy it we set a past expiry date. By default though when the session cookie is sent to the browser it has a ...1981 expiry date. After a web search I found that this is for preventing caching the response.... So what is going on here? Link to comment Share on other sites More sharing options...
justsomeguy Posted August 11, 2015 Share Posted August 11, 2015 Setting a past date does not delete a cookie. A past date means a temporary cookie that will be removed when the browser closes. Link to comment Share on other sites More sharing options...
jimfog Posted August 11, 2015 Author Share Posted August 11, 2015 yes...and the session cookie has a past date by default... Having said the above is there any point when logging out using setcookie() to set an expiry date in the past(for the session cookie)....since it has already a past expiry date. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 11, 2015 Share Posted August 11, 2015 No, there's no point to set the date. If you want to destroy the cookie then remove the content. Link to comment Share on other sites More sharing options...
jimfog Posted August 11, 2015 Author Share Posted August 11, 2015 I have 2 more questions.... Am I right to assume that setting the date is useful in the "remember me" feature only? Is there any point using session_start() on the login page of a website....the user has not yet logged in....or it depends the content of the login page? Link to comment Share on other sites More sharing options...
justsomeguy Posted August 11, 2015 Share Posted August 11, 2015 Am I right to assume that setting the date is useful in the "remember me" feature only?Not for session cookies. The server is eventually going to delete the session data regardless of what happens with the cookie.Is there any point using session_start() on the login page of a website....the user has not yet logged in....or it depends the content of the login page?I use session_start on every page. I would ask is there any point to not having a session. Link to comment Share on other sites More sharing options...
Ingolme Posted August 11, 2015 Share Posted August 11, 2015 The "session" used by session_start() is not the same as a user's login session. The session is simply a way to have the same variables available on multiple pages, whether they're logged in or not, you need a session to remember things. Link to comment Share on other sites More sharing options...
jimfog Posted August 19, 2015 Author Share Posted August 19, 2015 The "session" used by session_start() is not the same as a user's login session. The session is simply a way to have the same variables available on multiple pages, whether they're logged in or not, you need a session to remember things.I do not understand...what exactly is the session used by session_start()....in contrast with the user's login session. Link to comment Share on other sites More sharing options...
Ingolme Posted August 19, 2015 Share Posted August 19, 2015 Like I said, in PHP a "session" is just a place to store variables so that they are accessible on multiple different pages. I don't know how to put it in simpler terms. Link to comment Share on other sites More sharing options...
Don E Posted August 19, 2015 Share Posted August 19, 2015 I'll try and illustrate: Per user that visits, when you have session_start(), a "session" is started/created for that user. So if any session variables are set like: $_SESSION['username'] or/and $_SESSION['loginStatus'], those variables contain values that are distinct for that user during his/her "session". So, you can say for example for "user's login session" like this: 'What is the users' login STATUS, which the status is stored in the variable $_SESSION['loginStatus'] for the current "session" for that user, that was started by session_start() ?' Hope this understands. Link to comment Share on other sites More sharing options...
thescientist Posted August 20, 2015 Share Posted August 20, 2015 And to be clear, a user doesn't have to be logged in or anything to have a PHP session. You can use $_SESSION with any users browsing session Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now