
Clearing session cookies in the browser


I require some confirmation about sessions and session cookie logic.

What really happens when you close the browser / delete the session cookies manually in the browser (btw, do they have exactly the same result by default?)?

In the given case, the deletion of the session cookies happens at the client.
Does the browser send an implicit message to the web server (i.e. Apache) to say that the current session_id should be destroyed and can be re-used? Or does the web server have a mechanism to just re-use session_ids that have been inactive for a long time?

Resulting question:
In the second case, how does PHP know when to clear the current $_SESSION globals from the PHP filesystem (tmp) if sessions are destroyed from the client? Does Apache send a command to PHP to delete the corresponding file with session information the moment before it re-uses the session_id? Do these session files remain there until a certain expiration time (or do they really get destroyed immediately when the session cookies get destroyed)?

As you may notice, I'm experiencing some confusion here.
Thanks for helping me clarify.

Edit:
I'm talking about these session cookies:

[image]


Solution

  • There are two types of cookies:

    1. Server side cookie
    2. Client (HTTP) side cookie

    When you clear cookies from the browser, it clears only client side cookies (cookies on your machine). And yes, there is an expiration time set for all cookies.

    Here is some information for you:

    Client side cookies

    Cookies are key/value pairs used by websites to store state information on the browser. Say you have a website (example.com); when the browser requests a webpage the website can send cookies to store information on the browser.

    Browser request example:

    GET /index.html HTTP/1.1
    Host: www.example.com
    

    Example answer from the server:

    HTTP/1.1 200 OK
    Content-type: text/html
    Set-Cookie: foo=10
    Set-Cookie: bar=20; Expires=Fri, 30 Sep 2011 11:48:00 GMT
    ... rest  of the response
    

    Here two cookies, foo=10 and bar=20, are stored on the browser. The second one will expire on 30 September. In each subsequent request, the browser will send the cookies back to the server.

    GET /spec.html HTTP/1.1
    Host: www.example.com
    Cookie: foo=10; bar=20
    Accept: */*
    

    Server side cookies (SESSIONS)

    Server side cookies are known as sessions. The website, in this case, stores a single cookie on the browser containing a unique Session Identifier. Status information (foo=10 and bar=20 above) is stored on the server, and the Session Identifier is used to match the request with the data stored on the server.

    Check here for more details:

    What is the difference between server side cookie and client side cookie?

    When session cookies are cleared, they are removed from the client (your machine). Now, the server can't identify you since it doesn't know the session id which was in the cookie you cleared recently, so it looks like your session is cleared.

    Part of the credit goes to the guy that answered that question!!
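
The session lookup described in the answer, as an added example that is not part of the original question or answer: a small in-memory model of a server-side session store and a browser cookie jar. The cookie name `SID`, the class and function names, and the 1440-second idle limit are assumptions of this model, not PHP's or Apache's own code.

```python
import secrets

class SessionServer:
    """Toy server: state lives here; the browser only holds the session ID."""
    COOKIE = "SID"  # hypothetical cookie name

    def __init__(self, max_idle=1440):  # assumed idle limit, in seconds
        self.store = {}  # session id -> {"data": {...}, "last_seen": t}
        self.max_idle = max_idle

    def handle(self, cookies, now, updates=None):
        """Serve one request; return (session data, Set-Cookie dict or None)."""
        sid, set_cookie = cookies.get(self.COOKIE), None
        if sid not in self.store:  # no cookie sent, or ID unknown to the server
            sid = secrets.token_hex(16)  # fresh random ID, never a recycled one
            self.store[sid] = {"data": {}, "last_seen": now}
            set_cookie = {self.COOKIE: sid}
        rec = self.store[sid]
        rec["last_seen"] = now
        rec["data"].update(updates or {})
        return dict(rec["data"]), set_cookie

    def sweep(self, now):
        """Delete records idle longer than max_idle; return how many."""
        stale = [s for s, r in self.store.items()
                 if now - r["last_seen"] > self.max_idle]
        for s in stale:
            del self.store[s]
        return len(stale)

def demo():
    server, jar = SessionServer(), {}
    _, sc = server.handle(jar, now=0, updates={"foo": 10, "bar": 20})
    jar.update(sc)
    old_sid = jar["SID"]
    seen, _ = server.handle(jar, now=10)       # cookie sent back: state found
    jar.clear()                                # user clears cookies; server is not told
    orphaned = old_sid in server.store         # old record is still on the server
    fresh, sc = server.handle(jar, now=20)     # treated as a brand-new visitor
    jar.update(sc)
    replay, _ = server.handle({"SID": old_sid}, now=30)  # old ID still accepted
    server.handle(jar, now=40)                 # new session stays active
    removed = server.sweep(now=30 + 1440 + 1)  # only the abandoned record is stale
    return {"seen": seen, "orphaned": orphaned, "fresh": fresh,
            "new_id": jar["SID"] != old_sid, "replay": replay,
            "removed": removed, "old_gone": old_sid not in server.store}

if __name__ == "__main__":
    print(demo())
```

In this model the old ID keeps working until the sweep runs, so a logout handler should delete the server-side record rather than rely on the browser's cookie being cleared.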