Hi, I am new at php so please I beg of you to go easy on me., I have looked on the site and read many tutorials but I am trying to understand the following:
When I call session_start() at the beginning of a page a file gets saved to the temporary location on the server, I can then store user data in the session and call them on all pages where I use session_start().
What I don’t understand is: how does session_start() know which user im referring to? if I have many users accessing the same page (in my instance the members area) then for each user a different session is saved, how do I differentiate betweens users session.
I noticed that each session has a name like (sess_o84gfg3cmtpn0n7seshjp7egj5) does the name of the session file have anything to do with it?
What I have in mind is that I want to be able to identify the users session and store this identifier in my database, on each request I want to find that session file, create a new session and transfer all the data from the current session to the new session and kill the old session, at the same time updating the identifier for the new session in the database. I also want to encrypt the data that is stored in the session file.
I am also curious to the following, from what I understand, a session is a method of storing temporary data that can be accesses globally, it also gets destroyed when not used for a while. Ive also learnt that there is some loop holes is sessions and my knowledge is insufficient to cover theses security holes. Why cant I then just store the data in my database? If I can use my database opposed to sessions, then how do I identify the user without using thier ip address, considering that ip addresses could change etc?
Does anyone know of a site like this that has a chat room where i could chat to someone live, im hitting alot of stumbling blocks!!
Please help me understand the above and guide me in the right direction