When we open a new web browser, all the windows that are open from that
web browser belong to the same session. However, if we open a new web
browser, then it will be different sessions. Is that the correct
concept?
Another question is if session id is generated by the web server?
Session ID is determined by the cookies? Otherwise, how can the web
server know this is new session, or old session?
jrefactors@hotmail.com wrote:
FUP to comp.lang.php (and there is generally no reason to crosspost
between clj.help and clj.programmer).
> When we open a new web browser, all the windows that are open from that
> web browser belong to the same session. However, if we open a new web
> browser, then it will be different sessions. Is that the correct
> concept?
No, depends on browser and how the new "windows" get opened.
> Another question is if session id is generated by the web server?
Atleast for PHP the client can set the sessionID.
> Session ID is determined by the cookies?
Could be. Depends on server configuration.
> Otherwise, how can the web server know this is new session, or old
> session?
The webserver doesn't care (atleast with PHP), if you actually care you
have to write your own code to do sessionID generation and checking.
1) no, that's wrong. everything would be saved to ur pc. just like a
cookie
2) session is saved to local pc as the cookies
newB wrote:
> 1) no, that's wrong. everything would be saved to ur pc. just like a
> cookie
>
> 2) session is saved to local pc as the cookies
No and no. http://in2.php.net/session
--
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
jrefactors@hotmail.com wrote:
> When we open a new web browser, all the windows that are open from
that
> web browser belong to the same session.
Yes. This happens as the browser will send current session id (from
cookie or query string) to the server--and the state is maintained.
> However, if we open a new web
> browser, then it will be different sessions. Is that the correct
> concept?
Mostly, but it depends on the settings (php.ini)--PHP's default
setting uses non-persistent session cookies and so it happens. But, if
you configure it to use persistent session cookie (persistent
cookie==cookie with life time not equal to zero) and if the client
sends cookie to server, the session might be same.
> Another question is if session id is generated by the web server?
> Session ID is determined by the cookies?
PHP's session management is "permissive"--which means if you send a
session id to server (using cookies or query string) it will try to use
("use" here means starting new session or resuming session) your
session id. This is the main cause for session hijacking.
> Otherwise, how can the web
> server know this is new session, or old session?
That depends on session.gc_maxlifetime setting. After this
session.gc_maxlifetime time, session will be seen as garbage or
expired.
p.s.: For your questions, everything depends on the php.ini settings
--
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
session is not belongs to the web browser...when the first time a
request come from a user to a server the sever automitacally give hime
a session.. what ever the browser the user is use.
>>u can check this by copyeing the url and paste it in another browser
after a successfulyy login-- u see that all the autheticate page you
are browsing
cockies is used by some of the web hoster to track u .to find that u r
browsing their site for the first time or for the seccond time . when
basically we check on save pass check box this is save in our hard disk
as cockie. so seccond time when we logon to that particuler site that
cockie is send user name and password for us.
>>u can check this by opening cockie folder what is under document and
settings E:\Documents and Settings\UR_USER_NAME\Cookies folder and if u
delete a cockie what may e set for yahoo or hotmail so nexttime when u
going to logon their pages the auto loging system will not work
HTTP protocols are stateless, so one state dont know about other state.
session id is nedded to be handeld by server side scipting .usually it
is handeld by programer. so it is basically our responsibility to play
with a session, check it in every pages.. send it to one page to other
u can do that in many when like by checking when u give him the id
their is many way u can handel a id, like for a page-the id will valid
only in a page in a whole session or for some default timing.
if in ur websites theire is no securitu like no user name and login
system then u can easily forget aout this session and cockie things
bye
take care