Re: [Phplib-users] session4_custom.inc

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thus spake Dennis Gearon on Fri, Apr 11, 2003 at 10:17:34AM CDT
> that kind of goes back to my question. Because EVERY browser window gets 
> all the same cookies, besides identity of a user, what gets stored in the 
> cookie for a session?

A session cookie is generally just a key into a server-side database, and
the database stores whatever is appropriate on the server side.  A session
cookie is set to expire when the current browser instance terminates..

> And how do people prevent a new browser window by the same user, in the 
> same session, from having the exact same screen as the other ones that are 
> open, (going to the same application at the same website, of course:-) )?

Once we have a session established, anything is possible.  The server will
know which pages have been fetched during the current session and can make
decisions accordingly.  The test program which is, or used to be sent out
with phplib is a good example.  It counts accesses for a page in the context
of a session.  Successive windows using the same browser instance will
display the access counter incremented, but of course the server could do
anything here, including limiting access to any particular page to once per
session.

A session cookie doesn't really identify a user.  It identifies a browser
instance on the client side, and as long as the browser stays up, the
server will know that it's dealing with the same browser instance every time
the cookie is returned to the server (e.g. on every page fetch).  If the
user authenticated, then the server knows that the browser instance
identified by the cookie is being run by an authenticated user and can
behave accordingly.

If the user closes the browser, the session cookie goes away and the next
time the browser program is started no cookie is returned, and the server
sends a new cookie and instantiates a new session.

Hope this helps.

-- 
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |       if you let it" |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |