What Is PHPsessid

What is PHPSESSID?

PHP uses one of two methods to keep track of sessions. If cookies are enabled, like in your case, it uses them.

If cookies are disabled, it uses the URL. Although this can be done securely, it's harder and it often, well, isn't. See, e.g., session fixation.

Search for it, you will get lots of SEO advice. The conventional wisdom is that you should use the cookies, but PHP will keep track of the session either way.

What is PHPSESSID and why it is not getting in Localhost and can I use this for any encryption Key

If you want to get the session ID, you can get it with the code below.

<?php
session_start();
$sid = session_id();
echo "Session ID returned by session_id(): ".$sid."<br>";

It will identify the unique user.

How does PHP set the PHPSESSID into $_COOKIE superglobal variable without using the function setcookie() or setrawcookie()?

The default name for the cookie is PHPSESSID. To reference the session Id in my PHP code, I would therefore reference the variable $PHPSESSID

No, it is just the name of the cookie, it will not be set as a global variable. You can access the value in $_COOKIE['PHPSESSID']. But really, this should not concern you at all, you should only use the session_* functions and the $_SESSION superglobal to interact with PHP's session API, the underlying cookie being used is none of your concern for most intents and purposes.

… it's nowhere using any of the functions setcookie() or setrawcookie()

If I assume that the session id is set as a cookie variable and setcookie() or setrawcookie() might have been called internally …

Yes, PHP is calling some functions internally that will set the cookies. It's probably neither setcookie nor setrawcookie but some internal C function that sets the cookie. Again, it's none of your concern really. You just need to understand that calling session_start will somehow internally cause a cookie to be set.

… then what are the parameter values set while calling either of the functions setcookie() or setrawcookie() to set the cookie value?

Those are determined by the various session.cookie_* parameters you can set via session_set_cookie_params or ini_set.

How do PHP sessions work? (not how are they used?)

In the general situation:

  • the session id is sent to the user when his session is created.
  • it is stored in a cookie (called, by default, PHPSESSID)
  • that cookie is sent by the browser to the server with each request
  • the server (PHP) uses that cookie, containing the session_id, to know which file corresponds to that user.

The data in the session files is the content of $_SESSION, serialized (i.e., represented as a string -- with a function such as serialize); it is unserialized when the file is loaded by PHP, to populate the $_SESSION array.

Sometimes, the session id is not stored in a cookie, but sent in URLs, too -- but that's quite rare, nowadays.

For more information, you can take a look at the Session Handling section of the manual, which gives some useful information.

For instance, there is a page about Passing the Session ID, which explains how the session id is passed from page to page, using a cookie, or in URLs -- and which configuration options affect this.
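
The storage side of the steps above, as an added example that is not part of the original answer: a CLI script that writes a session with the files save handler, reads the raw session file back, and then reopens the session by presenting the ID alone. The temporary directory and the sample $_SESSION values are constructed for the demonstration.

```php
<?php
// Added example, run from the CLI. Sample data and the temp directory are constructed.
ini_set('session.save_handler', 'files');
ini_set('session.serialize_handler', 'php');
ini_set('session.use_cookies', '0');     // CLI: there is no browser to send a cookie to
ini_set('session.cache_limiter', '');    // CLI: no cache headers either

// Private directory for the session files (owner-only access).
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
session_save_path($dir);

// "Request 1": create the session and store some data.
session_start();
$id = session_id();
$_SESSION['user'] = 'alice';
$_SESSION['cart'] = [3, 7];
session_write_close();                   // serializes $_SESSION into the file

// The files handler names the file after the session ID.
$file = $dir . '/sess_' . $id;
$raw  = file_get_contents($file);

// "Request 2": presenting the same ID is all it takes to load the same data.
$_SESSION = [];
session_id($id);
session_start();
$restored = $_SESSION;
session_destroy();                       // removes the session file
rmdir($dir);

// Output is deferred to the end so no session call runs after output has started.
echo "session id : $id\n";
echo "file       : $file\n";
echo "raw file   : $raw\n";
echo "restored   : " . json_encode($restored) . "\n";
```

Because the ID is the only thing tying a request to that file, both the ID and the save path need protecting: anyone who holds the ID, or who can read the directory, gets the session data.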

Why does my Wordpress website set a PHPSESSID cookie?

This is for the session, if you are using sessions by calling session_start() at the very top of your script.
You can find this name (PHPSESSID) as an option value in your php.ini; the following part is from mine (PHP on IIS):

; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID

I suspect (without having tried) that you have a cookie because there is another option set:

; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1

You can read more about sessions and session cookies here: http://php.net/manual/en/session.configuration.php#ini.session.use-cookies

PHPSESSID is blank when I echo this

Use the session_id function. This retrieves the value of the session id regardless of the name that was used to create the session (cookie or otherwise).

If you are interested in getting the name, you could use ini_get("session.name").

How Session Works?

Sessions are made up of two components, a client-side session ID and server-side session data. Clients can send a session ID to the server as a URL param, cookie, or even HTTP headers.
The server then uses this session ID to find the appropriate session data to return to the client.

You can tweak session behavior via the various session_ functions.

PHP set PHPSESSID

PHP's superglobals are populated with data when the script starts up, and then they are NOT touched again by PHP for the life of the script. Your new session ID will only show up on the NEXT request, after the new session cookie's had a chance to round-trip through the client's browser.

My web host is adding ?PHPSESSID=fgh2h45... to the end of the URL

Your "host" isn't causing the issue, PHP is appending this data. Specifically, PHP is configured to append the PHPSESSID variable to the URL to allow PHP to track the session. It's possible to change the relevant setting using ini_set prior to calling session_start, or more permanently by updating the php.ini file (though since you're hosted this last option is probably out). This is a list of the available runtime settings for sessions in PHP.

While you can control whether or not the value is appended to the end of your URLs, it's required to track the sessions. Alternatively you can configure PHP to use cookies to track sessions, but requiring cookies to track sessions may break your application for users who reject cookies.

In short, you can control the session ID to make it a little prettier (by renaming PHPSESSID to something more amenable or making the value less cryptic) but unless you want to use cookies to maintain the session, you're stuck with this "garbage" on your URL. If you only use cookies some users may not be able to maintain the session.

To enable cookie based session handling you can execute either:

// stop PHP from automatically embedding PHPSESSID on local URLs
ini_set('session.use_trans_sid', false);

or

// only use cookies (no url based sessions)
ini_set('session.use_only_cookies', true);
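
A fuller version of the cookie-only setup above, which also sets the session.cookie_* parameters mentioned in the earlier answer and addresses the session fixation risk noted at the top of the page. This is an added example, not code from any of the original answers; the function names start_hardened_session(), on_login() and on_logout() are hypothetical, and the secure flag assumes the site is served over HTTPS (PHP 7.3 or later for the array forms).

```php
<?php
// Added example: hardened session bootstrap. Function names are hypothetical.

function start_hardened_session(): void
{
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs that PHP did not issue itself, so a planted ID is replaced.
    ini_set('session.use_strict_mode', '1');

    // These map onto the session.cookie_* ini settings.
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',      // host-only cookie
        'secure'   => true,    // sent over HTTPS only (assumes an HTTPS site)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(string $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function on_logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser using the same attributes it was set with.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Usage: call at the top of every request, before any output is sent.
start_hardened_session();
```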

