what is the point in sessions?

you have to store the session ID in a cookie most of the time anyway, so why not just store the user's ID and password hash in a cookie, and compare them?


can someone talk me through ste by step how you use a session for something like a forum?

If i remember correctly. Sessions only last as long as the browser is open and session is deleted immediatly once the browser is closed. Sessions are not stored in a txt file in the users comp... I think . :D

Year sessions only last until the browser is closed, but since PHP 4.2.x you can define the time (in minutes) the session lasts :

"session_cache_expire() returns current cache expire. If new_cache_expire is given, the current cache expire is replaced with new_cache_expire." (in PHP Manual for 4.2.2)

But instead of using standard PHP sessions you can program your own system (using a database for e.g.) and store only the session ID in a cookie. Why not try this ? (this is how vBulletin is made i think, as they store "bblastvisit", "bbuserid" and "bbpassword" in their cookie).


I'm currently doing a forum too, and i've decided to store the member id AND the member password (encoded) in the cookie, so there is no pb, and i don't need any sessions :D

i think i'll stick to good ol' cookies too