I've been trying to find documentation about cookie and session use in XOOPS but without success. Could someone please either point me in the direction of an explanation or help me work it out?

Basically what I'd like to do is add a new key/value to the current valid session/cookie, or if it already exists then use the value in my module. Are there core functions to do this?

Any help would be appreciated

Rowd

no-one can help me?

Here's a starting point: kernel/session.php

The constructor for the class XoopsSessionHandler is called by the function xoops_gethandler in include/functions.php.

Sessions are stored in the database table xoops_session.

Thank you for the replies. I'll work with the session db entries then and not bother about cookies, as you have suggested.

I was really just trying to work out the logical flow of events, I guess you could call it. Like, what exactly happens when a user visits the site. As I understand it, an anonymous user would have a cookie set immediately which contains the sessionID, and a session entry is also created in the db for that user, containing no sess_data values. When the user logs on, the db session entry is updated to include user info as sess_data. When they logout the session entry is deleted.

I still have some questions though, such as:
- When an anonymous user moves on, how is the session entry removed from the db? Or if a registered user closes the browser without logging out?

- If a user has cookies disabled can they view the site?

- Why is a cookie used to store the sessionId, when it is immediately stored in the db anyway?


Sorry for all the questons, I just like fully understanding the system I work with.

Rowd

Quote:
Well, the "system you work with" in this case is actually not so much XOOPS as it is PHP.

1: Normal garbage collection removes the entry after a set limit

2: They may not be able to login and use other session-based functionality, but viewing, sure. The sessionID *should* be appended the URL automatically if cookies are disabled (PHP functionality), but I have had some problems here.

3: Because how would the system know which session it should retrieve if the user did not send a cookie with that information? HTTP is a stateless protocol and it is impossible to relate one request to another unless there is additional information passed on - either in the form of a parameter (GET or POST) or with a cookie.

The only difference from "normal" sessions and XOOPS sessions is that "normal" session data is saved on the webserver either in memory or in a file, whereas XOOPS saves it in the database.

Thanks Mithrandir, I'm an AS400 programmer and still have a lot to learn about PHP.

Rowd