Why PHP session destroys when clear browser's cookie
Question
I have a little confusion about PHP session and session cookies.
Let me ask my question by giving an example of www.example.com.
When I login to www.example.com, it starts a session. So I'm logged in as a user on this website.
Now when I clear cookies in my browser, it deletes all the browser cookie.
My question is - Is the session at www.example.com destroyed when I clear the browser cookies even when I haven't clicked on logout button to destroy the session ?
So that explains what I want to ask.
Does clearing browser cookies automatically destroys PHP session even when you haven't done anything on a website that will call the function to destroy the session ??
3 answers
solution1
5 2015-12-21 10:01:36
Why PHP session destroys when clear browser's cookie
After clearing cookies PHP does not destroy session, it just cannot receive session id anymore (which is stored in cookies), so link between session data and current user connection is lost. PHP destroys session later, depending on its' config.
Does clearing browser cookies automatically destroys PHP session even when you haven't done anything on a website that will call the function to destroy the session ??
No, it does not. PHP has limits on session lifetime (see php.ini, session.gc_maxlifetime and session.cookie_lifetime ), which basically define session lifetime. In addition to official manual, there's also a good explanation of how these settings influence session lifetime.
solution2
2 2015-12-21 09:44:32
If you watch carefully, like through web inspector on Chrome/Firefox etc, then you can see that the PHPSESSIONID is set as a cookie. So if you delete all cookies then I imagine you delete this cookie as well and therefore the session doesn't know what ID to use.
solution3
2 2015-12-21 09:55:21
It's Mechanisim of Session. You can read more here .
About Session (ussually Server Session). The Server saves all the Session user data on Server and retrives data by Session ID from client (by Cookies ).
First time, Client sends a request to Server. The server has not found any Session ID from this request and responses a normal webpage and includes SET-COOKIE: SessionID=xyz
From now, every request from client will include Session ID = xyz (by Cookies).
If you clear Cookies , certainly the Session ID is gone .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.