PHP will start a new session if a browser is closed and reopened.

The old session file is still kept in the session save directory, but a new session is started.

What does PHP look for in the browser to know that it must start a new session?

I guess what I am really asking is, what exactly does session_start() do under the hood?

ThiefMaster
Marty Wallace
  • The session ID is saved in a cookie in the user's browser. If none is found/one is invalid it creates one. – Prisoner Jan 17 '13 at 15:45
  • http://stackoverflow.com/questions/1535697/how-does-php-sessions-work-not-how-are-they-used – Aaron W. Jan 17 '13 at 15:45
  • I am pretty sure if there is no active session, i.e. any old sessions are expired, a session is started. – Leeish Jan 17 '13 at 15:46
  • PHP doesn't look for anything, PHP gets a cookie with the name `PHPSESSID` or something like that. If the browser is closed this cookie will be destroyed. – Manuel Jan 17 '13 at 15:46
  • So the browser deletes the cookie automatically unless PHP specifies an expiry date? – Marty Wallace Jan 17 '13 at 15:47
  • @MartyWallace depends on the browser's settings and how the cookie was set. – kittycat Jan 17 '13 at 15:48
  • That's pretty much how normal cookies work. I suppose sessions work about the same. – Manuel Jan 17 '13 at 15:48

5 Answers

The cookie containing the session id is set without an expiry by default. This means it will expire when the browser is closed. So the session will be lost at that point since the client won't have the old session ID anymore.

ThiefMaster

To simply answer your question, it looks for a cookie called PHPSESSID and if no cookie is supplied in the request, a call to session_regenerate_id is made to initialize the cookie value.

The cookie is then persistently used throughout the lifetime of the browser.

Unless other settings apply, this is a stripped down version of the default behavior.

Khez

All you want to know is already written here: http://www.php.net/manual/en/function.session-start.php

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers. These will either be a built-in save handler provided by default or by PHP extensions (such as SQLite or Memcached); or can be custom handler as defined by session_set_save_handler(). The read callback will retrieve any existing session data (stored in a special serialized format) and will be unserialized and used to automatically populate the $_SESSION superglobal when the read callback returns the saved session data back to PHP session handling.

Basically, PHP writes a special file in the file system (usually in the /tmp directory) and gets the data from there.

Simone
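
Added example (not code from any of the answers or from the PHP manual): a tracing wrapper around PHP's built-in `SessionHandler` that records the open/read/write callbacks `session_start()` triggers, then resumes the session by ID the way a returned cookie would. `TracingHandler`, the sample value and the two simulated requests are assumptions made for the illustration; it expects PHP 8 run from the CLI with the default files handler.

```php
<?php
declare(strict_types=1);
// Added illustration; assumes PHP 8.x on the CLI with the default "files" handler.
// TracingHandler wraps the built-in handler and records each callback PHP invokes.
final class TracingHandler extends SessionHandler
{
    public array $calls = [];
    public function open(string $path, string $name): bool
    {
        $this->calls[] = "open($name)";   // $name is the cookie name
        return parent::open($path, $name);
    }
    public function read(string $id): string|false
    {
        $this->calls[] = 'read';
        return parent::read($id);
    }
    public function write(string $id, string $data): bool
    {
        $this->calls[] = "write($data)";  // $data is the serialized $_SESSION
        return parent::write($id, $data);
    }
}

$handler = new TracingHandler();
session_set_save_handler($handler, true);
$dir = sys_get_temp_dir();
$options = [
    'save_path'        => $dir,
    'cookie_lifetime'  => 0,     // no expiry: the browser drops the cookie on close
    'cookie_httponly'  => true,  // hardening: hide the ID from page scripts
    'cookie_secure'    => true,  // hardening: send the ID over HTTPS only
    'use_only_cookies' => true,  // hardening: ignore IDs passed in the URL
];

// Request 1: no cookie arrives, so PHP generates an ID and starts empty.
session_start($options);
$id = session_id();
$_SESSION['user'] = 'alice';     // constructed sample value
session_write_close();

// Request 2: session_id($id) stands in for the cookie the browser sends back.
$_SESSION = [];
session_id($id);
session_start($options);
$restored = $_SESSION['user'] ?? '(none)';
session_write_close();

echo "id=$id restored=$restored\n", implode("\n", $handler->calls), "\n";
echo 'file kept: ', var_export(is_file("$dir/sess_$id"), true), "\n";
```

The session file stays in the save path after both requests, which is why a browser that has dropped its cookie gets a fresh session while the old file remains until garbage collection.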

The session ID (PHPSESSID) is saved in a cookie in the user's browser. If none is found/one is invalid it creates one. The image below may be of some help in understanding what you want to know (it's from Chrome).

enter image description here

Once PHP gets this session ID, it looks for the corresponding session which is stored in the session save_path (normally /tmp on unix machines). It then gives you the ability to access the information stored in that session file using the $_SESSION superglobal.

Prisoner

The cookies are stored only if there is nothing outputted on the PHP page prior to the session_start() call. If there is something being outputted, the cookie is not stored and you need another method (as mentioned, SQLite or MySQL) to store those UNIQUE values and recognize and separate each user.

hjpotter92