I've heard a lot about php sessions. what are they? how are they different from using mysql and cookies to track session keys?

http://www.php.net/session

Data is stored on the server. More secure then cookies.

Also, as far as I know if people don't allow cookies they are able to log-in etc...

AND if people look in their cookie list and don't see a cookie from ur domain in there, well they will love ya and not be able to claim you are spying on em.

the are basically the same. one advantage of using cookies is that it can be stored on the user's machine. session is used only on the current browser session. when the broswer is closed, all session vars are gone.

so what's the best way to keep a user logged in if I'm using php sessions, and the user closes the browser? I think I could check to see if they accept cookies. if they do, save the session key as a cookie. would that work?

Sessions work with cookies by default, so unless the visitor disallows persistant cookies, but allows session cookies you're stuck to including it with the URL on every page.


so what's the best way to keep a user logged in if I'm using php sessions, and the user closes the browser? I think I could check to see if they accept cookies. if they do, save the session key as a cookie. would that work?You use a session when someone is actively browsing your site. Each session will have an associated id with it, which expires if they haven't visited another page in a certain amount of minutes since the last one.
As far as I know PHP doesn't have a session expiration function callback like ASP does so you're stuck to manually keeping track of which cookie id is associated with which user, when their last page access occured and to manually remove the ones that have past the idle time.

You're better off storing a unique value in a user's cookie and associating it with their account in the database than fiddling with PHP's implementation of sessions which is fairly useless.