questions about a session cookie

[alluoshi]

Hi, when the user visits a session enabled page for the first time, the web server creates a cookie that holds the session ID and sends it to client.

1- Where is this cookie located? I can see it from the browser -> show cookies but when I go to the location where all cookies are stored, I can't find it

2- What is the size of this session cookie?

3- the default session time in php is 1440 seconds. Does that mean every time the user refreshes a session-enabled page, the new expiry date of the cookie will be changed to time() + 1440?

[ignace]

1) the cookie's lifetime is 0 this means that when you close the browser it get's deleted

2) depends on the information stored

3) the default session is not 1440 but 0 which again means that when you close the browser you are also logged off to extend this see http://be2.php.net/manual/en/function.session-set-cookie-params.php What you are referring to is the garbage collection lifetime which is 1440 by default this means that after 1440 seconds the session will be deleted from your server

[PFMaBiSmAd]

1) If the session.cookie_lifetime is zero (the default) the cookie is held in the browser's cookie cache. You must be using IE, because in FF you can see it under the tools/options/privacy menu. A cookie file is only saved to the hard disk when the session.cookie_lifetime is > 0

 

2) The session cookie is only big enough to hold the session id, 32 hex characters if I am not mistaken.

 

3) The default session.cookie_lifetime is zero, meaning that the cookie is deleted when all instances of the browser are closed. The default session.gc_maxlifetime is 1440 seconds. While it is true that when session garbage collection runs, it ends any sessions who's last access time is older than than value, this is not a default session time and should not be relied on to end sessions. Garbage collection runs randomly, so old session data files could exist for any amount of time until garbage collection actually runs.

[alluoshi]

Thanks for replying.

With respect to the 1440 seconds, does that mean the garbage collection will delete the session after 1440 seconds since the last time the user has refreshed a session-enabled page? (I mean not the first time when the session was created) second, where does the browser store a session cookie (location on hard disk?) it is not in the directory where all cookies are stored. this is at least in Internet explorer

[wildteen88]

The location of the cookie is different depending on the browser you're using. IE stores all cookies in the Temporary Internet Files folder (can be accessible by Tools > Internet Options > Browsing History > Settings > View Files). IE stories cookies as text files in this format: cookie:<windows_username>@<sitename.com>

 

To see how cookies are stored in other browsers you'll have to consult their documentation. Most modern browsers allow you to browse cookies from their settings manager.

[alluoshi]

Thanks, apparently I got a reply while I was typing mine.

I am interested to store the session end time. we have 3 options:

1- when the user logs out, this is easy, I can store time() in a variable and send it to a database

2- After 20 minutes of inactivity (this in my case). I can also handle this by storing last access time in a session variable and test if time() - $_SESSION['time'] > 1200 then send $_SESSION['time'] to the database

3- Now, what about if the user closes the browser, can I handle this to know the session end date?

[cringe]

2) The session cookie is only big enough to hold the session id, 32 hex characters if I am not mistaken.

Not hex. I see letters a-z in mine. Hex would be just letters a-f. (and 0-9 of course).

Example: sess_k823ri2425tjlhn0741uj3frs5

 

Thanks.