Posted by Benjamin on 11/27/06 03:13
crescent_au@yahoo.com wrote:
> Hi all,
>
> I am creating a login system. I am using sessions. It's working fine. I
> have seen some login systems where they pass session id as part of URL.
> I am not doing it in my login system but it's working fine. I just
> wanted to know why is it necessary to pass session id by URL? I have
> chosen not to do it. Am I missing something?
The PHP session system uses cookies to track users by default. (The
browser sends the a cookie created by PHP with a phrase PHP can use to
lookup up user information). If PHP can't use cookies (i.e. you set
it), it tags the session ID along on every URL. You're not missing out
on anything. Cookies are actually prefered because they are more secure
and make URL look better.
[Back to original message]
|