Now, what's cool about session is this is a two-way connection.
Cookies are sort of a two-way.
We can use set cookie to send it as well.
But session is data that's really easy.
And it's another super global.
So now we're going to talk about, given what we know about cookies,
how we implement and use sessions in PHP.
So, when we meet a new browser, we check to see if there is a session cookie.
It's still a cookie, but a session cookie.
And if there is no session cookie, we make up a large random number,
some unique mark, and then we send it as a cookie, and
then we create a session with that same identifier.
And then we get the next request, we see, there's a session cookie here.
And then we reconnect to that session, and away we go.
And so the PHP takes care of a lot of the session stuff for us,
like a web framework.
And so the session identifier is security by obscurity.
We pick a large random number, we turn it into hex characters, and
we stick it in the browser, and we stick that in a cookie.
Now, if you somehow compromise your session identifier and
lose the session identifier, then someone could fake the session identifier because
they could change the cookie in their browser and take over your session.
But because these are such large random numbers,
we generally don't worry too much about that.
And they only live for a little while, so when you close your browser that
session is gone and it's gone on the server as well.
So we tend to store not too much data in the session, but if you take a look and
you took a typical application, especially a PHP application and you go to it for
the very first time, you'll see this cookie.
Now you can change the name of this cookie in the configuration of your PHP.
By default the cookie is named PHPSESSID.
And that is coming back from the browser on the first page,
long before you press the login or anything.
And so there's a session.
And the login is different.
We'll talk about login later.
The session is just a place to store data, that is a two-way place to store data.
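
Added example, not part of the lecture: a single PHP page that walks through the flow described above (no session cookie on the first visit, PHP issues a random identifier, later requests reconnect to the same `$_SESSION` data) and sets the cookie attributes that make the identifier harder to steal. The `visits` key and the plain-text output are assumptions made for the demonstration; `session_set_cookie_params()` with an array requires PHP 7.3 or later.

```php
<?php
// Added example (not the lecturer's code). Serve it with: php -S localhost:8000

// These settings must be applied before session_start() emits Set-Cookie.
ini_set('session.use_strict_mode', '1');   // refuse identifiers the server never issued
ini_set('session.use_only_cookies', '1');  // never accept the identifier from the URL
session_set_cookie_params([
    'lifetime' => 0,                        // 0 = cookie is dropped when the browser closes
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']), // demo only; set to true on an HTTPS site
    'httponly' => true,                     // page JavaScript cannot read the cookie
    'samesite' => 'Lax',                    // not sent on cross-site subrequests
]);

$cookieName = session_name();               // PHPSESSID unless the configuration changes it
$hadCookie  = isset($_COOKIE[$cookieName]); // did this browser already present an identifier?

// No cookie: PHP generates a random identifier, sends it, and creates the session.
// Cookie present: PHP reconnects to the stored session with that identifier.
session_start();

// $_SESSION is the two-way store: read what the last request left, write for the next.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

header('Content-Type: text/plain');
echo "cookie name      : {$cookieName}\n";
echo "cookie on request: " . ($hadCookie ? 'yes, existing session' : 'no, new session issued') . "\n";
// Print only a prefix: the full identifier is all anyone needs to take over the session.
echo "session id       : " . substr(session_id(), 0, 8) . "...\n";
echo "visits           : {$_SESSION['visits']}\n";
```

Loading the page twice in the same browser shows the cookie absent on the first request and present on the second, with `visits` counting up.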