Jump to content


This topic is now archived and is closed to further replies.


How does session handling work?

Recommended Posts

Just curious, AFAIK php passes the session id in a cookie, but if cookies are disabled sessions will not work, unless the page is called with the PHPSESSID variable in the url.

My question is, I've got cookies disabled and passing the PHPSESSID in the url, but after that the only thing I'm calling is session_start() just like that and nothing else.

Does this mean that the session_start function also checks the GET variables for the variable named PHPSESSID? and if found uses it? Is this correct?
What's going to happen if a bookmark is called up that has an old session in the URL?
Is it just going to ignore the old session key and start a new one, meaning that the URL
in the address bar will not reflect the actual session at the time?

Also, does this imply that if I intend to POST a form to the same page, and leave the action= to blank it's going to post the wrong session key again, thereby starting another new session each time the form is posted?

So I imagine I would have to construct something like this for the action=
$_SERVER['PHP_SELF']."?PHPSESSID=".session_id(  );

Sorry if this questions a bit complicated,


Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.