Question

I require some confirmation about sessions and session cookie logic.

What really happens when you close the browser / delete the session cookies manually in the browser (btw, do they have identically the same result by default?)?

In the given case, the deletion of the session cookies happens at the client.
Does the browser send an implicit message to the web server (i.e. Apache) to say that the current session_id should be destroyed and can be re-used? Or does the web server have a mechanism to just re-use session_ids that have been inactive for a long time?

Resulting question:
In the second case, how does PHP know when to clear the current $_SESSION globals from the PHP filesystem (tmp) if sessions are destroyed from the client? Does Apache send a command to PHP to delete the corresponding file with session information the moment before it re-uses the session_id? Do these session files remain there until a certain expiration time (or do they really get destroyed immediately when the session cookies get destroyed)?

As you may notice, I'm experiencing some confusion here.
Thanks for helping me clarify.

Edit:
I'm talking about these session cookies:


Solution

There are two types of cookies:

1) Server side cookie
2) Client (HTTP) side cookie

When you clear cookies from the browser, it clears only client side cookies (cookies on your machine). And yes, there is an expiration time set for all cookies.

Some information for you:

Client side cookies

Cookies are key/value pairs used by websites to store state information on the browser. Say you have a website (example.com): when the browser requests a webpage, the website can send cookies to store information on the browser.

Browser request example:

GET /index.html HTTP/1.1
Host: www.example.com

Example answer from the server:

HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: foo=10
Set-Cookie: bar=20; Expires=Fri, 30 Sep 2011 11:48:00 GMT
... rest  of the response

Here two cookies foo=10 and bar=20 are stored on the browser. The second one will expire on 30 September. In each subsequent request the browser will send the cookies back to the server.

GET /spec.html HTTP/1.1
Host: www.example.com
Cookie: foo=10; bar=20
Accept: */*

SESSIONS: Server side cookies

Server side cookies are known as "sessions". The website in this case stores a single cookie on the browser containing a unique Session Identifier. Status information (foo=10 and bar=20 above) is stored on the server and the Session Identifier is used to match the request with the data stored on the server.

Check here for more details:

What is the difference between server side cookie and client side cookie?

When session cookies are cleared, they are removed from the client (your machine). Now, the server can't identify you since it doesn't know the session id which was in the cookie you cleared recently, and so it looks like your session is cleared.

Part of credit goes to the guy that answered that question!!

OTHER TIPS

If you delete session data from your browser, there is no feedback to the server to destroy the given session.

Sessions are destroyed after a certain period of time, the session's lifetime. AFAIK it is set to 15 mins.
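
Added example, not part of the answers above or of any project's code: because clearing the cookie in the browser sends nothing to the server, a PHP application has to end the session on the server side itself, on logout and after an idle period. The function names, the `last_seen` key, the 900-second limit and the `action=logout` form field are assumptions; PHP 7.3 or later is assumed for the array form of `setcookie()`.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT = 900; // assumed idle limit in seconds; choose per your policy

// Remove the session on the server AND ask the browser to drop its cookie.
// Deleting the cookie alone would leave the server-side data valid for
// anyone who still holds the session id.
function end_session(): void
{
    $_SESSION = [];                               // clear the in-memory data
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,          // in the past: browser deletes it
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy();                            // delete the stored session data
}

function begin_session(): void
{
    session_start([
        'use_strict_mode' => 1,    // refuse session ids the server never issued
        'cookie_httponly' => 1,
        'cookie_secure'   => 1,    // assumes the site is served over HTTPS
        'cookie_samesite' => 'Lax',
        'gc_maxlifetime'  => IDLE_LIMIT,
    ]);
    // Session garbage collection runs probabilistically, so a stale session
    // file can outlive gc_maxlifetime. Enforce the idle limit on each request.
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && time() - $last > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true);  // delete the old data, issue a new id
    }
    $_SESSION['last_seen'] = time();
}

begin_session();
if (($_POST['action'] ?? '') === 'logout') {      // hypothetical logout form field
    end_session();
}
```

A user who only closes the browser or clears cookies never reaches `end_session()`, so the idle check in `begin_session()` is what bounds how long the abandoned session id stays usable.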

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow