Sessions

Way of preserving data across a series of web site accesses by the user . session support is enabled by default . configuration options set in php.ini .SID(STRING) is a pre-defined constant within this extension.

User assigned a unique identifier, the “SESSION ID”. Session id is stored in a cookie on the client or in the url .

Site access by user triggers session id check automatically session.auto_start = 1 or upon request … using session_start().

$_SESSION is available as a global variable.

Enable session.use_only_cookies to enforce cookie usage (and prevent session ids in the url) and enable session.cookie_httponly to prevent javascript cookie access (and help prevent session hijacking via xss) .

Leave a Reply

Your email address will not be published. Required fields are marked *