Are $_SESSION
variables stored on the client or the server?
LF00
25.3k27 gold badges140 silver badges269 bronze badges
asked Jan 18, 2009 at 4:10
Steve GattusoSteve Gattuso
7,33410 gold badges43 silver badges55 bronze badges
1
The location of the $_SESSION
variable storage is determined by PHP's session.save_path
configuration. Usually
this is /tmp
on a Linux/Unix system. Use the phpinfo[]
function to view your particular settings if not 100% sure by creating a file with this content in the DocumentRoot
of your domain:
Here is the link to the PHP documentation on this configuration setting:
//php.net/manual/en/session.configuration.php#ini.session.save-path
answered Jan 18, 2009 at 4:32
rjamestaylorrjamestaylor
2,9721 gold badge18 silver badges10 bronze badges
As mentioned already, the contents are stored at the server. However the session is identified by a session-id, which is stored at the client and send with each request. Usually the session-id is stored in a cookie, but it can also be
appended to urls. [That's the PHPSESSID
query-parameter you some times see]
answered Jan 18, 2009 at 13:08
troelskntroelskn
112k24 gold badges131 silver badges154 bronze badges
4
They're generally stored on the server. Where they're stored is up to you as the developer. You can use the session.save_handler
configuration variable and the session_set_save_handler
to control how sessions get saved on the server. The default save method is to save sessions to files. Where
they get saved is controlled by the session.save_path
variable.
answered Jan 18, 2009 at 4:34
Rob KennedyRob Kennedy
160k21 gold badges273 silver badges460 bronze badges
One addition: It should be noted that, in case "/tmp" is the directory where the session data is stored [which seems to be the default value], the sessions will not persist after reboot of that web server, as "/tmp" is often purged during reboot. The concept of a client-wise persistence stands and falls with the persistence of the storage on the server - which might fail if the "/tmp" directory is used for session data.
answered Aug 8, 2012 at 17:11
On Debian [isn't this the case for most Linux distros?], it's saved in /var/lib/php5/. As mentioned above, it's configured in your php.ini.
answered Jan 18, 2009 at 21:23
HansHans
1,2429 silver badges7 bronze badges
I am using Ubuntu and my sessions are stored in /var/lib/php5.
answered Jul 17, 2013 at 9:15
1
As Mr. Taylor pointed out this is usually set in php.ini. Usually they are stored as files in a specific directory.
answered Jan 18, 2009 at 4:14
Brian FisherBrian Fisher
22.9k15 gold badges76 silver badges82 bronze badges
For ubuntu 16.10 are sessions save in /var/lib/php/session/...
answered Mar 3, 2017 at 9:27
Lukáš KřížLukáš Kříž
5906 silver badges5 bronze badges
In my Ubuntu machine sessions are stored at
/var/lib/php/sessions
and you have to sudo ls
in this directory only ls
it will throw
ls: cannot open directory '.': Permission denied
And on my Windows Wamp server php sessions are stored in
C:\wamp64\tmp
and if you install standalone php on windows then there is no value set by default
session.save_path => no value => no value
answered Mar 19, 2020 at 11:43
How does it work? How does it know it's me?
Most sessions set a user-key[called the sessionid] on the user's computer that looks something like this: 765487cf34ert8dede5a562e4f3a7e12. Then, when a session is opened on another page, it scans the computer for a user-key and runs to the server to get your variables.
If you mistakenly clear the cache, then your user-key will also be cleared. You won't be able to get your variables from the server any more since you don't know your id.
answered Jul 15, 2017 at 7:45
Emeka ObianomEmeka Obianom
1,7073 gold badges16 silver badges35 bronze badges
The PHP session which is accessible via the global variable $_SESSION
is stored on the server as files by default. Also the reference to it [called session_id
] is stored on client side as browser cookies. If either of this is deleted, then the session becomes invalid.
You can change the storage to database/Redis/memcache etc. using PHP Custom Session Handlers. Also there are extensions available for different storage like sqlite, memcache and memcached.
answered Jan 7 at 8:29
Dipu RajDipu Raj
1,6543 gold badges28 silver badges35 bronze badges
Many of the answers above are opaque. In my opinion the author of this question simply wants to know where session variables are stored by default. According to this://canvas.seattlecentral.edu/courses/937693/pages/10-advanced-php-sessions they are simply stored on the server by default. Hopefully, others will find this contribution meaningful.
answered Oct 15, 2019 at 12:42
Evan GertisEvan Gertis
1,5141 gold badge16 silver badges40 bronze badges