How Session IDs Are Transferred on Your Web Server in PHP?

As you know there are two options the PHP engine can use to transfer session IDs to the client browsers. But how to do know which option is your PHP engine is using? The PHP sample script will help you to find out:

<?php
  session_start();
  print("<html><pre>");

  $queryString = $_SERVER["QUERY_STRING"];
  print("Query string of the incoming URL: ".$queryString."\n");

  print("Cookies received:\n");
  foreach ($_COOKIE as $name => $value) {
     print "  $name = $value\n";
  }

  $myLogin = $_SESSION["MyLogin"];
  print("Value of MyLogin has been retrieved: ".$myLogin."\n");
  $myColor = $_SESSION["MyColor"];
  print("Value of MyColor has been retrieved: ".$myColor."\n");

  print("</pre></html>\n");
?>

You need to save this script to your Web server as next_page.php. Now visit first_page.php and click the "Next Page" hyper like, you will get something like this:

Query string of the incoming URL: PHPSESSID=meml483hk4dvm1n2ii8k9hvjj1
Cookies received:
Value of MyLogin has been retrieved: FYICenter
Value of MyColor has been retrieved: Blue

Base on the output, your PHP engine is using URL parameters to transfer session IDs, because you can see the session ID parameter in the query string of the incoming URL, and there is no cookies related to session ID.

Another way to confirm that your PHP engine is using URL parameters to transfer session IDs is to look at the address field of your browser, it will show something like:

http://localhost/next_page.php?PHPSESSID=meml483hk4dvm1n2ii8k9hvjj1

⇒Understanding and Using Sessions in PHP

⇒⇒PHP Tutorials