0

I searched and did not found enough information on session_name() method.
I am using session_name() on some pages but not on all. I am getting problem, if I omit the session_name() method from my code, it will work fine, but if include, it wont work. I have around 100 pages, and I am including only into 11 pages. It is compulsory include session_name() [before session_start()]...

My final question, why we use session_name() ??

3
Contributors
3
Replies
7
Views
6 Years
Discussion Span
Last Post by digital-ether
0

You need to have the same session.name across the pages you want to access the same session.

To understand this you have to understand how the PHP session works. The session.name setting in php.ini (PHP configuration) will set the name of the cookie that is being set with the session ID. The session needs to know the name of this cookie, so it can get the session ID.

Using the session ID, PHP then checks the session storage/save handler for the session data. The session storage handler by default is file, which writes session data to the file system. Each user has a unique session id, which is also the name of the file they have their session data storage.

So the session, for files, really is just a bunch of file named after each session ID. Each session is tracked via a cookie named after session.name, which has the session ID as it's value.

If you were to use a different session.name for different pages, then PHP would be setting two different cookies with the session ID. Thus when it needs to look up the session data, it will only be able to look up one of these cookies, and thus not be able to read the data for the other pages with a different session.name setting.

Note: In general cookies are used to track the PHP session, but it can also be tracked via the URL parameters. This is less secure then using cookies however, so cookies is more common. In either case, you need to have the same session.name.

0

On another note, there is no reason to change the session name. It does not offer more security - and the session works fine with any name, as long as it is constant across the domain.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.