motorollin wrote:
So how does the web server know which session to issue to the browser on subsequent calls to start_session()? Is there a predefined variable which you set to the session ID for start_session() to pass back?
Using LiveHeaders, I see that every connection to the server the browser sends a Cookie: header with the PHPSESSION value. The server can then react upon it if the session is still valid. The start_session() doesn't necessarily instantiate a session, it enables your page to use a session.
What I just noticed, and I'm not quite sure where to point the finger on this one, is that between my Firefox 3 and PHP5, an old session ID is being reused. This probably has to do with cookie expiration (default is 0, which is to expire when the browser closes, which I generally hardly ever close) and me not generating new session IDs... which I will definitely start doing.
I did find a note in PHP's bug system from 2001 which illustrated that a client can specify the session ID when instantiating a new session. In the end, it was decided that this is not a bug.
