simple question about session




I am using sessions in my php scripts because i read it worked even if the user doesn't accept the cookies.

But i read another article recently that said that for each session a cookie was created to contain the id session.

Hope someone can help me .

Basically, whenever a session is started, a temp file (cookie) is created on the server side which is identified by a randomly generated sessionID (PHPSESSID) and contains a session's information (registered variables and their values).
Eg. The file sess_f828da0ce39572a81e4a803d10928150 contains : logged_id|i:0;css_file|s:13:"mainstyle.css";msg|s:0:"";

In order for the client system to make use of these variables, it must know which temp file it "owns". The same sessionID gernerated earler must be stored on the client side somehow and made available to each page that needs to use the session variables. If the client "knows" the sessionID, then it knows which tempfile it "owns" on the server. You can do this two ways:

1. passing it from page to page using a client-side cookie which stores nothing but the sessionID
Eg. The file: blahblah_temp contains: f828da0ce39572a81e4a803d10928150

2. or passing it via GET/POST variables (in the URL)
Eg. blahpage.php?PHPSESSID=f828da0ce39572a81e4a803d10928150

The latter form is not as secure but allows you to work around users that do not allow cookies. Here's a good explanation of the difference:

Hope this helps!