0

Possible Duplicate:
Where are $_SESSION variables stored?

When ever we working with session, we need to start the session in each page. now suppose i have set the session in 1.php now redirecting to 2.php, in 2.php page i am starting the session again there is no any link between 1.php and 2.php. 2.php is not knowing what is the session id of 1.php.

Now my question is How this 2.php is getting the same session id started by 1.php. Where this session is stored? how it is working?

Here we are not passing any parameter from 1.php to 2.php, as Frederick Marcoux is saying SESSION_START() is IGNORED by 2.php. So how 2.php will get to know that session is already running.

if it is on server side,then in case of multiple session then how will it identify which session is for which request?

Community
  • 1
  • 1
Sumant
  • 954
  • 1
  • 18
  • 39

3 Answers3

1

The session are Cookie based. When you start a session on one page, it will get an ID. This ID will be the same until you make a session_destroy() and you start a new session with session_start().

Why is that way?

Because more than one page may use the same session ID for some user logging or tracking.

What does `session_start()` on `2.php`

It's simply ignored by the server. If you check your PHP log, you will see a thing like that:

SESSION_START() IGNORED. A SESSION HAS BEEN ALREADY STARTED.

I had the same question 3 months ago, but not on this website.

Frederick Marcoux
  • 2,195
  • 1
  • 26
  • 57
1

Think of it this way....

When someone accesses your 1.php page, the session_start() on the top of the page initiates an action on your server (hosting) and unique session id is generated.

Then it is attached to every page (url) on your server (under the same domain) (i.e.: 2.php or 3.php) and if these pages have the session_start() function present, the SID is available for the scripts (on those pages) and can be accessed and verified.

If the SID on your page 3.php is matching the one created/generated by the same user when he/she accessed the page 1.php then you know that this page is being accessed by the same person and do something else for them which you would not do for a visitor who got directly to the page 3.php and did not obtain the necessary SID for example.

The SID is passed from the server to your browser and kept as cookie until it is cleared or it expires.

( ...did I diluted it down to much ? :)

Milan
  • 3,209
  • 1
  • 35
  • 46
  • This thing looks like possible.But are you sure session id is attach to all the url, who will control it? – Sumant Jun 18 '12 at 06:13
  • 1
    The session ID if auto-generated on the sever side is controlled by the server. Once it is stored into the visitor's browser it can be considered as a secret sign when the visitor is accessing other pages under the same domain. Of course you as a programmer can manipulate the session ID, its location, content, availability etc. Please see: http://httpd.apache.org/docs/trunk/mod/mod_session.html – Milan Jun 18 '12 at 15:34
  • Thanks this gave me clear idea how its working. – Sumant Jun 19 '12 at 04:58
0

Try this session_save_path() method to know whr sessions are stored at your web server.

Look at the session.save_path in your php.ini.

swapnesh
  • 26,318
  • 22
  • 94
  • 126