5.7. Sessions
A PHP session allows an application to store information for the current “session,” which can be defined as one user being logged in to your application. A session is identified by a unique session ID. PHP creates a session ID that is an MD5 hash of the remote IP address, the current time, and some extra randomness represented in a hexadecimal string. This session ID can be passed in a cookie or added to all URLs to navigate your application. For security reasons, it's better to force the user to have cookies enabled than to pass the session ID on the URL (which normally can be done manually by adding ?PHP_SESSID=<session_id>, or by turning on session.use_trans_sid in php.ini) where it might end up in web server's logs as a HTTP_REFERER ...
Get PHP 5 Power Programming now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.