Ok, I am on chapter 14 now. It has been quite a ride. So many thinks I hava learned and so many things I have to remember. The use of sessions is something I still have problems with. On chapter 14 you user sessios_id() beforese sessions_start(), on the explanation the reason is so that you keep the same session id. The problem I am having is that I thought that when you do session_start() I thought if you already had a session id it will keep the same, but after reading this it seems everytime yo do a session_start() the id of the sessions changes but I do not see how can that be, because if the Id changes all the time how can you store variables in the session on one page and then retrieve them on a different page. Can somebody pleaseeee help me out?

Also in this same chapter the page checkout2.php uses the funcion session_start() but never uses a $_Session['anything'], what is the point then to start a session?

Since we are talking about sessions, one last question. Why is it that previously in the book you pass the session id on the url? When do you pass on the url and when not?

Christian

Note: SOrry for all the question but I really want to understand this thing about sessions.

__________________
Christian

Christian:

To quote the php.net manual,
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.

session_id -- Get and/or set the current session id

So, the session_id function sets (or returns) the id for the session & the session_start gets all the info held in the current session. Does that make sense?

In our shopping cart example, we are only using the session id variable to store products in the temporary shopping cart, but you could use whatever you wanted and reference it accordingly, such as username, preferences (like language), browser used, etc.

As far as passing session id's through the URL, we chose not to do it in our cart example because if someone saved a page as a bookmark, with an old session ID in the URL, it would potentially screw up our temporary cart system. Likewise if you were storing personal information in your session, and you passed the session ID through the URL, that personal information could be compromised.

I hope that helps clear things up for you- you can read more about sessions at the php manual: www.php.net/manual

Thanks for the reply Elizabeth. Could you give me an example of when would be a good id to pass the session id through the url?

Christian

You could pass the session in a URL if you had, for example, a database of articles that your users were allowed to search. In this case, it wouldn't terribly matter if someone used a bookmarked URL (and thus bogus sessionid) because they're just searching through articles. This of course is assuming you're not storing any sensitive information in your session.