|
|
Posted by Gordon Burditt on 04/17/07 02:29
>> Losing the session cookie is a major possibility. So also is running
>> out of disk space to store session data in.
>
>> >
>> >Jan Nordgreen
>> >
>>
>>
>If I may, how is session data saved to disk? Do you mean at the client end,
>with cookies, or on the server?
Session data never reaches the client. It is saved on the server.
One of the advantages of sessions is that the data never reaches the
client, so the client can't tamper with it.
The default session save handler uses lots of little files, one for
each session. Other handlers can store the info in a database.
Session *cookies* are saved on the client. Any loss of the cookie
screws up the session.
>I've always thought that, on the server, session data is always in memory,
>unless it gets swapped out by the OS in a low memory situation. But then
Don't think that. It's a reasonable interpretation *while a PHP
script is running*. Session data can survive web server (e.g.
Apache) restarts. It might survive server reboots.
>again what I know about sessions at this point could be written on a postage
>stamp with lipstick.
[Back to original message]
|