Reputation: 1306
I'm using Zend_Session::start() on each request because I need to save values between requests (for example, the user and password, to reuse them for future access to the db).
I would like to know whether a cookie is created when I use Zend_Session::start() and, most importantly, where I can see the path where it is stored (both server and client).
I read that using sessions involves the creation of a cookie, but I'm not sure whether the same is true of Zend_Session, seeing that there is also Zend_Http_Cookie.
Upvotes: 1
Views: 1545
Reputation: 25918
From the Zend_Session documentation:
Zend_Session uses the normal PHP ext/session functions internally, all the familiar configuration options and settings apply (see http://www.php.net/session)
You may also configure some behaviors of Zend_Session using Zend_Session::setOptions():
Zend_Session::setOptions(array(
    'use_only_cookies' => 'on',
    'remember_me_seconds' => 864000
));
See also Zend_Session Advanced Usage.
Upvotes: 2
Reputation: 33148
Zend_Session extends the standard PHP session functionality, so yes, starting a session sets a cookie. Where the session data is stored depends on your configuration; by default the data is stored in files, the location of which is controlled by the config value session.save_path.
You wouldn't typically store the password in the session - once a user has been authenticated you might store just the username in the session for later access. Zend_Auth will handle all of this for you if you are using that component.
Forget about Zend_Http_Cookie, it has nothing to do with user cookies.
Upvotes: 2
Reputation: 174937
All sessions need some way for the client to authenticate against.
Meaning, the server will give the client a key (or a session ID), usually in the form of a cookie, and link (internally, on the server-side) the session variables to that ID.
When the client sends a request, it also sends the session ID with the cookies, which allows the server to fetch the variables associated with that ID, and allow use by the programmer.
The path of the cookies changes per browser.
That means that the client only has the ID, the client does not know what is in the session variables, he cannot see them.
Now I don't know Zend very well, but I assume that Zend_Session is for sessions, while Zend_Http_Cookie is for an actual cookie (where the value of the variable itself is stored in the cookie). Do not store critical information in a cookie, as it is easily readable and changeable.
Upvotes: 2
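Added example (not from any of the answers above): a script using PHP's native ext/session functions, which Zend_Session uses internally according to the documentation quoted above, to show that the client holds only the session ID while the data sits in a file under session.save_path, and that only the username is stored after authentication. The temp directory, user name and password are constructed sample values; the array form of session_set_cookie_params() assumes PHP 7.3 or later, and the sess_ file prefix assumes the default files save handler.

```php
<?php
// Added example: plain ext/session calls, run from the command line.
// Directory, user name and password are constructed sample values.

$saveDir = sys_get_temp_dir() . '/demo_sessions';
if (!is_dir($saveDir)) {
    mkdir($saveDir, 0700, true);      // readable by the PHP user only
}

// Server side: where session files are written (session.save_path).
session_save_path($saveDir);

// Client side: attributes of the cookie that carries only the session ID.
ini_set('session.use_only_cookies', '1');
session_set_cookie_params([
    'lifetime' => 0,                  // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,               // sent over HTTPS only
    'httponly' => true,               // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Constructed credential store: a hash, never the plain password.
$storedHash = password_hash('correct horse', PASSWORD_DEFAULT);

function login(string $user, string $password, string $hash): bool
{
    if (!password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // new ID once the user is authenticated
    $_SESSION['username'] = $user;    // identity only, no password
    return true;
}

login('alice', 'correct horse', $storedHash);
session_write_close();                // flush the data to the session file

// With the default "files" handler the file is named sess_<session id>.
$file = $saveDir . '/sess_' . session_id();
printf("cookie name : %s\n", session_name());
printf("cookie value: %s\n", session_id());
printf("server file : %s\n", $file);
printf("file content: %s\n", file_get_contents($file));
```

The printed file content contains the username and nothing else, while the cookie value is only the opaque ID that selects that file.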