How do PHP session IDs work? [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP



How do PHP session IDs work? [closed]



I'm a little confused on what session ID's in PHP actually are, and what they are useful for. I am coding a website with user information, register, and login. In login script tutorials in PHP, many people include session_start(). They also check that the current session ID matches that stored in the database for the users (stored during login) and if they do not, they log the user out (redirect to login page by setting header).



What exactly is the function/usefulness of session ID's? And how do I incorporate them into my login script without creating a redirect loop?



Thanks for any help.



Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.





session IDs have nothing to do with users. they're simply a pseudo-random number PHP generates to uniquely identify a particular user of the site, and that ID is sent back and forth via a cookie. You can be a "session user" without ever having a login for a site. the magic comes afterwards, because once you have this unique ID bouncing back and forth, you can establish "state" and remember things about the user.
– Marc B
Mar 12 '15 at 20:47






I'd suggest searching the web for solutions to your problem, and then attempt to write code before asking a question on Stack Overflow.
– Kirk Powell
Mar 12 '15 at 20:53





you can make use of $_SESSION without worrying about the background magic to much
– user557846
Mar 12 '15 at 20:53




1 Answer
1



In brief, a session id identifies a browser.



Since http itself is stateless, every request like loading a page is independent from any previous request.



To overcome this circumstance, you use session_start() to instruct the web server to send a cookie to the browser or, when a cookie exists, tell php the current session id which was saved in the cookie previously.



A session id itself is a randomly generated unique string, only used to track if a browser is already known to the server.



If there is someone visiting a site the very first time, it works like this:



From now on with every following request the browser sends it's session id from the cookie. In this case, phps session_start() picks it up, looks if this session id exists and if so, makes it available to your script.



PHP stores, usually in files on the server, variables "inside a session". That means, via $_SESSION['somevalue'] you can get and set values, e.g. $_SESSION['logged_in'] indicating if the user is logged in.



That whole task of sending an appropriate header to the browser for setting a cookie, reading back the header from a request, storing variables in a file that is named after the session id is wrapped into session_start() for your convenience.



Storing the session id in the database is useful if for some reason you don't want to use the PHP default, which is storing them into text files.



There are many tutorials on the web on how to build a login form with sessions and php. Maybe this tutorial is something you like.



The principle is always the same:



If it isn't clear by now, a session is only a way to remember stuff for a single browser between two different pages. (via $_SESSION)

-

Popular posts from this blog

Firebase Auth - with Email and Password - Check user already registered

Image
Clash Royale CLAN TAG #URR8PPP Firebase Auth - with Email and Password - Check user already registered I want to check when a user attempts to signup with createUserWithEmailAndPassword() in Firebase user Authentication method, this user is already registered with my app. createUserWithEmailAndPassword() 8 Answers 8 To detect whether a user with that email address already exists, you can detect when the call to createUserWithEmailAndPassword () fails with auth/email-already-in-use . I see that @Srinivasan just posted an answer for this. createUserWithEmailAndPassword () auth/email-already-in-use Alternatively, you can detect that an email address is already used by calling fetchSignInMethodsForEmail() (previous called fetchProvidersForEmail() ). fetchSignInMethodsForEmail() fetchProvidersForEmail() When the user trying to create an user with same email address, the task response will be "Response: The email address is already in use by another account." mFirebas
Read more

Dynamically update html content plain JS

Image
Clash Royale CLAN TAG #URR8PPP Dynamically update html content plain JS So I have a script bound in my index.html, which literally has to fetch an array of jsons from an api, then dynamically update my page when get response. But as a result I'm getting an as the only update of my page. here is my script fetch(url) .then((resp) => resp.json()) .then((resp) => resp.results.forEach(item => fetch(item.url) .then((response)=> response.json()) .then((response) => pokeArr.push(response)) .catch(console.log) ) ).catch(console.log) const filler = () => if(!pokeArr) return 0 pokeArr.map((i,j)=> return `<tr>$i.name</tr>` ) const pokeindex = () => document.getElementById('a').appendChild(document.createElement(filler())) pokeindex() When I'm consoling it, I can see in the console all the responses I get, so I'm at least doing the fetching part right. What's parberakan ? What's pokeArr ? – T.J. Crowder Aug 8 at 12
Read more

How to determine optimal route across keyboard

Image
Clash Royale CLAN TAG #URR8PPP How to determine optimal route across keyboard I'm trying to automate the typing process in a video game. Players are given an on-screen QWERTY keyboard layout that they can navigate with the control stick (up, down, left, right) in order to select a letter to type. I was wondering if there was a module for Python (or some other resource I could explore) that would help my program find a path across the keyboard as it types each letter in a given message. In other words, if the first letter typed was "A" and the next letter was "B", the module would know that the program should move 1 space down on the keyboard and 4 spaces to the right. Currently, I have the program resetting to the "G" key after each letter is typed (allowing me to use fixed-directions as the program parses each character in the desired message). As you can imagine, this is quite inefficient and defeats the purpose of automating the typing in the fir
Read more