What is PHPSESSID?


Question

I'm playing around with cookies. And I dont have any cookies called PHPSESSID.

Do i need it? Can i remove it?

Whats the "function" of it?

if (count($_POST)) {

setcookie("TestCookie", htmlspecialchars($_POST['val']), time()+3600);
}

print_r($_COOKIE);

Prints:

Array
(
    [TestCookie] => blabla
    [PHPSESSID] => el4ukv0kqbvoirg7nkp4dncpk3
)
1
42
9/3/2009 1:00:49 AM

Accepted Answer

PHP uses one of two methods to keep track of sessions. If cookies are enabled, like in your case, it uses them.

If cookies are disabled, it uses the URL. Although this can be done securely, it's harder and it often, well, isn't. See, e.g., session fixation.

Google for it, you will get lots of SEO advice. The conventional wisdom is that you should use the cookies, but php will keep track of the session either way.

45
4/4/2014 10:09:24 PM

I will add:
you should use a different name
"PHPSESSID" reveals you're using PHP

this can be done in php.ini session.name

or via the function session_name()


Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon