• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Database sessions workflow

The session expires using the expiration timestamp on the session cookie. If it is expired, the browser will delete it, so you end up in situation 1).

There are several parts that play a role in what you call "the session":
- the session identification information
- the session cookie
- the session payload

The session ID information consists of a unique Session ID, a timestamp, and the IP address and User Agent string of the client. This information is stored in an array, which is serialized, encrypted, and send to the browser as payload of the session cookie.
The session id is used to access the database, to retrieve the session payload (i.e. the userdata). Userdata never leaves the server (unless you use cookie sessions, in which case the user data is also part of the encrypted cookie). Userdata stored on the server is not encrypted, the assumption is made that your database server is secure (which is not always the case with file based sessions, especially not on a shared host).

Messages In This Thread
Database sessions workflow - by El Forum - 11-30-2010, 05:21 AM
Database sessions workflow - by El Forum - 11-30-2010, 05:39 AM
Database sessions workflow - by El Forum - 11-30-2010, 06:00 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.