Preserving State and Providing Security
Chapter 15, "Sorting, Searching, and Random Numbers," outlines session identifiers, but it may not have been immediately obvious why you would want to implement them. You may wish to secure your Web application by requiring visitors to identify themselves with a login and password. Requiring this page after page, though, would be very annoying. You may even want to track users through the site without actually identifying them. The process should be invisible and should not intrude on the experience.
One solution is to generate a random session identifier. This identifier must not be easy to guess and must be unique to each user. The session could be stored in a database or a file and passed in every link ...
Get Core PHP Programming: Using PHP to Build Dynamic Web Sites now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
