
I have many doubts about cookies and sessions.

1) Can anyone explain to me the workflow of cookies and sessions together (for example, if I visit a site and then log in with my email and password, how do cookies and sessions work together)?

2) If the cookie is set for 5 minutes and the session is set for 10 minutes, what will happen?

3) How will the flow work if cookies are disabled on my computer?

swapnil jain
  • Possible duplicate of [Differences between cookies and sessions?](http://stackoverflow.com/questions/359434/differences-between-cookies-and-sessions) – David Rawson Dec 12 '16 at 09:16

1 Answer

There are many questions which cover your doubts already; I'll link some below. I'll answer your specific questions first:

1) When you visit a website for the first time, actually when you do a `session_start()` on the PHP side, a new session ID is generated (a random string) and sent to the browser as a cookie, usually with the name `PHPSESSID`, so the next time you visit the site the same data is loaded back from the session file (which is stored somewhere on the server).

2) If the cookie expires before the session, the browser won't send the `PHPSESSID` value, thus a new session ID is generated. It is usually advisable to use a way longer expire time for cookies. When you expire a cookie, you rely on the client's browser to honor your disposition, but to be safe you must expire the session server side.

3) Sessions won't work; every time the client requests a page, a new session cookie will be generated.

Some more information:

cookies vs session

Cache VS Session VS cookies?

What is the difference between a Session and a Cookie?

Johnny
  • So if multiple users visit the login page and log in to the website from the same desktop, will a PHPSESSID be created each and every time? – swapnil jain Dec 12 '16 at 09:44
  • What do you mean by "from the same desktop"? Same browser, same PHPSESSID; even if you `session_destroy()` when the user logs out, the same code can be reused for a new session – Johnny Dec 12 '16 at 13:41
  • Suppose user A visits the website www.example.com and there is a login page on it; he enters his credentials and logs in. Now, after he logs out, another user comes and logs in with his credentials. So my question is: is a PHPSESSID created every time? – swapnil jain Dec 12 '16 at 17:07
  • It really depends on how you "log him out": what happens when he clicks logout? Do you do a `session_destroy()`? Or do you do something like `$_SESSION['authuser'] = null;`? Because in the first case a new session is created, in the second the same session persists (so if you set any other variable it stays there between users). Please note that in neither case is the PHPSESSID code changed – Johnny Dec 12 '16 at 20:42
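
The server-side expiry from point 2 of the answer and the logout behaviour discussed in the comments, as an added example (not code from the answer or its comments): it enforces an idle timeout on the server, issues a fresh `PHPSESSID` at login, and on logout clears the data, expires the cookie and destroys the session. It assumes PHP 7.3 or later; `IDLE_LIMIT`, `last_seen`, `login()` and `end_session()` are names chosen here for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names for this example: IDLE_LIMIT, 'last_seen', login(), end_session().
const IDLE_LIMIT = 600; // server-side idle lifetime in seconds (10 minutes)

session_set_cookie_params([
    'lifetime' => 0,      // browser drops the cookie when it closes
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
// Strict mode: an ID with no session data behind it is rejected and a new
// one is generated, so a destroyed or attacker-chosen ID is never reused.
ini_set('session.use_strict_mode', '1');
session_start();

// Expire on the server; the browser honoring the cookie lifetime is not relied on.
if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
    end_session();
    session_start(); // starts an empty session under a new ID
}
$_SESSION['last_seen'] = time();

function login(string $user): void
{
    // Fresh ID at the privilege change; true deletes the old session data,
    // so an ID known before login cannot be used afterwards.
    session_regenerate_id(true);
    $_SESSION['authuser'] = $user;
}

function end_session(): void
{
    $_SESSION = []; // clear every variable, not only 'authuser'
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [ // expire PHPSESSID in the browser
            'expires' => time() - 42000, 'path' => $p['path'], 'domain' => $p['domain'],
            'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
        ]);
    }
    session_destroy(); // delete the server-side session data
}
```

Call `login()` only after the credentials have been verified, and `end_session()` from the logout handler, so the next user of the same browser starts with no leftover session variables.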