Could anyone tell how to maintain a session (in PHP) so that the session contains are preserved and are accessible even after the browser is restarted.
In general a session expires with the closing of a browser, but I want the session NOT TO BE CLOSED so that the session data's can be accessed the next time the browser is used.
Thanks
There is a really good tutorial on howto save session contents to a database.
The only thing needed is to refill a new session with the saved data - there you go.
Store session data somewhere in a DB and keep session ID in an encrypted persistent HTTP-only cookie.
Related
According to Where are $_SESSION variables stored?: "Usually the session-id is stored in a cookie, but it can also be appended to urls". Once I read that, I asked myseld: so, why is it said that the session-id is deleted when closing the browsers window if it is stored in a cookie?
Then, after Googling a little bit more about it, I found that there are two different types of cookies: session cookies and persistent cookies.
I guess that the session-id is stored in a session cookie, but: beyond the name evidence, why is a session stored in a session cookie and not in a persistent cookie? What is the need of creating a new session-id every time the browser is opened? Why don't re-use it?
There are many reasons you store sessions in session cookies. One case is public computers: if the previous user has logged into their bank account at the library to pay bills you don't want the next user to be able to log into that session by just looking at the History log in the browser. Being sure that the session is gone by closing the browser alleviates this.
You can also use persistent cookies, and many do too, such as Gmail, but what is then important is to set an expiration time that is not too long. Otherwise, if someone gets hold of the session id they can use that forever. Usually the server will send you a new valid session id some minutes before the next goes out to keep your session alive.
"A session once created only get expires"
I mean a session is created for every user. But when the user closes the browser the session cookie gets destroyed and so the session (which is even now in the session store) becomes of no use.
These sessions keeps on accumulating in the session store until they expires themselves.
Please correct me if i am wrong.
Also is there a way to clear the session when the user closes the browser?
Thanks for help
For example, if a user just closes the browser window without logging out (the PHP script unsetting and destroying the session and expiring the session cookie), by default the cookie used to store the session ID will have expired the next time the user opens the browser so s/he won't have access to the same session.
But what happens with the file on the server side that was used to save the session data and what happens with the session data itself?
Will it still be available?
There are parameters called session.gc_divisor and session.gc_probability that you can configure in php.ini or in the .htaccess.
These parameters give the probability (gc_probabiltiy/gc_divisor) to execute the garbage collection of the sessions at every request.
The garbage collection is a process whick check if the last modification of the session file is older than session.gc_maxlifetime and remove it if it is !
So yes, the data are still available for a while on your server.
I'm using nocache headers to tell a Content Delivery Network (CDN) to not cache the page, but every page request generates a new ColdFusion session ID. So I cannot persist session variables!
If I bypass the CDN, the session is unique per browser on my machine - and will work as normal.
I want to see if the CDN company can do anything to help this situation, but I can't find out how ColdFusion decides to create a new session ID. I suspect the CDN is generating something unique each time, but don't know what.
Any thoughts?
Thanks
ColdFusion writes a CFTOKEN and CFID cookie (or poss a JSESSIONID one, depending on your session setings). Those identify your sessions.
Which is the difference between sessions and cookies. I know that sessions are server side, and managed by the server, and the cookies are client side and managed by the browser.
I don't know why, but I see those things as rendundant. Which data have to be keept in a session variable and which on cookies?
Session is implemented with cookies. You would normally save in a cookie things like the user id, or some identifier that will allow you to know who the user is, and use that information as a key for your session variable on the server side.
Most importantly, you wouldn't want any secret information being stored on the client side, since cookies can easily be stolen (from a security point of view).
Don't forget that HTTP is stateless, so cookies are just a way to bypass this.
In short, cookies are more persistent than sessions. As soon as you close your browser, the session information is gone. Therefore a session has no way to store information about a website/user pair. Cookies do, and are used for things like allowing you to stay logged in to a website, or storing preferences for that website (e.g. language).
The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.
see http://php.about.com/od/learnphp/qt/session_cookie.htm
Cookies are for small data. They can only hold strings.
In session variables you're able to store objects in the server memory.