Archive | PHP RSS feed for this section


18 May


When the session_start is called, PHP is looking for an argument from the client (sent via POST, GET or Cookie) with the name of to retrieve the session ID.

If it finds a valid session ID (there are some syntactical restrictions), it tries to retrieve the session data from the storage (session.save_handler) to store it in $_SESSION.

If it can’t find an ID or the configuration forbids its usage (see session.use_cookies, session.use_only_cookies and session.use_trans_sid), PHP generates a new ID using a hash function (session.hash_function) on data of a source that generates random data (session.entropy_file).

At the end of the runtime, it stores the $_SESSION data in the designated storage.

1. Will session works, if cookies are disabled?
NO. In this case each call to session_start will generate a new ID as it can’t find the previous ID.