|
Every time someone connects to your web browser to be served data, your system can automagically and/or manually create a session. What this does is assign a unique session ID that your browser will pass to the webserver through HTTP/1.1 headers, or through cookie headers (depending on what your browser supports).
This unique ID links directly to a file in a temporary directory on the server which is used to store variables and objects on the server between pages. The session is not destroyed until the user times out from the server (inactive browsing for a definite period of time, or you manually destroy the session).
If a user logs into a webmail system, you would have to have the client constantly pass the password and username back into the server for every page reload. This is obviously very insecure, so instead you can store this data in the session ($_SESSION superglobal), which will allow the data to be used on different page views/scripts without passing the value back and forth between client and server.
Also, if they are purchasing items from your website, instead of storing the shopping cart, including full prices of the purchase, on the client end (where they could modify it and rip you off), you would store it in the local session, preventing the user from being able to do anything more than reference that session (with the session ID).
Hopefully that clears things up for you...
|
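The shopping-cart case described above, as an added example that is not part of the original post: the cart is kept in `$_SESSION` and prices are looked up on the server, so the client only ever supplies an item id and a quantity. The catalogue, the SKU ids and the `sku`/`qty` form field names are constructed for illustration; it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: server-side cart. Catalogue, SKU ids and field names are constructed.
declare(strict_types=1);

// Harden the session cookie before the session starts.
session_set_cookie_params([
    'httponly' => true,   // session ID not readable from page scripts
    'secure'   => true,   // sent over HTTPS only (assumes an HTTPS site)
    'samesite' => 'Lax',
]);
session_start();

// Prices live on the server only (constructed sample catalogue, in cents).
const CATALOGUE = [
    'sku-100' => ['name' => 'Mug',    'price' => 899],
    'sku-200' => ['name' => 'Poster', 'price' => 1499],
];

// Store only the item id and quantity; reject ids that are not in the catalogue.
function addToCart(array &$session, string $sku, int $qty): bool
{
    if (!isset(CATALOGUE[$sku]) || $qty < 1 || $qty > 99) {
        return false;
    }
    $session['cart'][$sku] = ($session['cart'][$sku] ?? 0) + $qty;
    return true;
}

// The total is always recomputed from server-side prices.
function cartTotal(array $session): int
{
    $total = 0;
    foreach ($session['cart'] ?? [] as $sku => $qty) {
        $total += CATALOGUE[$sku]['price'] * $qty;
    }
    return $total;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $sku = (string) ($_POST['sku'] ?? '');
    $qty = (int) ($_POST['qty'] ?? 0);
    // A client-supplied price field, if one were sent, is never read.
    addToCart($_SESSION, $sku, $qty);
}

header('Content-Type: text/plain');
printf("Total: %.2f\n", cartTotal($_SESSION) / 100);
```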