Yeah i guess the cookie doesn't need to be stored on the server since it's in the header anyway. Thanks for clearing that up. Tim-Hinnerk Heuer http://www.ihostnz.com Charles M. Schulz - "I love mankind; it's people I can't stand." 2009/2/7 Stuart <stuttle@xxxxxxxxx> > 2009/2/7 Paul M Foster <paulf@xxxxxxxxxxxxxxxxx>: > > I'm not too clear on HTTP headers, cookies, and such. So here are > > questions related to that. Let's say I generate a random number that I > > want the user to enter in a form. When I generate the number, I store it > > in a session variable ($_SESSION). When the user submits the form, I > > check the number they enter with what I've stored in the session > > variable. > > > > Since this session variable survives across page loads (assuming > > session_start() is appropriately called), how is it stored and recalled? > > > > Is it automatically stored as a cookie on the user's system? > > > > Or is it stored on the server? > > > > And how does a server "get" a cookie? > > > > Is it a separate request made by the server to the client? > > > > If the value I've asked the user for is *not* stored as a cookie, then > > is it passed as part of the HTTP submission or what? > > > > Thanks for any enlightenment on this. > > Session data is stored on the server and tied to a browser using a > cookie. The cookie contains a random string which uniquely identifies > a session on the server. The session_start() function handles all the > details of setting and maintaining that cookie and managing the > server-side data. > > Cookies are transferred between client and server with every request > in the headers. If you don't have Firefox getfirefox.com. The google > for the livehttpheaders addon and install that. Turn it on and browse > your site. You will see the cookies in the headers of both requests > and responses. Cookies are not stored on the server side, they are > sent by the client with each request. > > No additional HTTP requests are involved when using sessions. > > -Stuart > > -- > http://stut.net/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
