0

I am trying to fully understand sessions, and I conducted this test:

my code is:

test.php

<?
@session_start();

if(isset($_SESSION['test'])) {

echo "test success";

}
?>

When I enter my cookie manually into my browser using an addon as: 

PHPSESSID test

It does not recognise it.

user1088793
  • 623
  • 2
  • 9
  • 19
  • `PHPSESSID` contains the session ID, not the session variable itself. – Barmar Jul 01 '15 at 19:59
  • Session variables are stored on the server. The session ID is just a key used to find all the session variables in that session. – Barmar Jul 01 '15 at 20:00
  • You need to go do some reading up on the very basics of how PHP sessions work … http://stackoverflow.com/questions/1535697/how-do-php-sessions-work-not-how-are-they-used – CBroe Jul 01 '15 at 20:02

2 Answers2

1

$_SESSION is a "superglobal" (available everywhere) array that is tied with a cookie using a unique session id.

If you're wanting to reference cookie values you've set you'll need to use the $_COOKIE superglobal array.

You can read more about superglobals here: http://php.net/manual/en/language.variables.superglobals.php

And how $_SESSION and $_COOKIE works here: http://php.net/manual/en/reserved.variables.cookies.php http://php.net/manual/en/reserved.variables.session.php

You cannot set values in the SESSION by using the browser like that. PHP is the only place you'll be able to set the 'test' key to a value, like true or false.

session_start();

// You could assign this based on the value of a cookie
$_SESSION['test'] = true;

if ($_SESSION['test']) {
    // this is a test session
}

Hope that helps.

bedlam
  • 357
  • 3
  • 9
1

To see the result of your cookie change, do:

<?
@session_start();

if(session_id() == 'test') {
    echo "test success";
}

The cookie contains the session ID, individual session variables are stored on the server, using this ID and the variable name as keys (the default configuration uses a file named after the session ID).

Barmar
  • 741,623
  • 53
  • 500
  • 612