If I start a session with php , can user see session vars with cookies ?
I want to keep some settings of user infrmation in a session , but I do not want user know them .
thanks.
Session data is stored on the server, not in the cookie. The cookie just stores an ID to allow the server to look-up the correct data.
No, SESSION variables are on the server side so from the client's perspective, they cannot change them. That's one of the main reasons we use Sessions instead of cookies.
More information on SESSION variables can be found from the official documentation at PHP.net
Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data. The absence of an ID or session cookie lets PHP know to create a new session, and generate a new session ID.
By default, PHP uses the internal files save handler which is set by session.save_handler. This saves session data on the server at the location specified by the session.save_path configuration directive.
Sessions can be started manually using the session_start() function. If the session.auto_start directive is set to 1, a session will automatically start on request startup.
Sessions normally shutdown automatically when PHP is finished executing a script, but can be manually shutdown using the session_write_close() function.
I am still leaving this here simply because I think it is legitimate information but I do agree PLEASE REFERENCE OFFICIAL DOCUMENTATION FIRST IF IT IS AVAILABLE. If someone can prove the following statement wrong, I will remove it. From W3schools:
A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.
No. Session data is stored on server and the respective session id will be stored in Cookie
Well user can easily get info of whether session has been created or website is having session or not. But what variable are being set in session can never be known by user.