michael-lane
05-21-2006, 11:52 AM
Some quick questions on sessions. Any answers appreciated:
1. Do sessions end if you close your browser?
2. Are sessions stored in the browser, the PC or the server?
3. How big can sessions be, how much information in KB can they store?
mwatkins
05-21-2006, 12:59 PM
The actual implementation of a 'session' is highly dependent on the implementation of your web applications - there is no one correct answer. A 'session' is simply some mechanism that a developer has developed to carry the application state for a given user from one HTTP request to another.
So all anyone can do is answer in generalities:
1. When do they end? When the developer decides. If you want to provide a user with the ability to resume a session, even after their browsers are closed down, reboot, etc., then you'll probably go for a scheme that stores a cookie with an expiry date set into the future.
2. Where are they stored? Yes.
More seriously, you can store as much or as little of the session data on the client, or on the server, or on both. Should you store much data on the client? No - for performance and security reasons. But that doesn't stop some from doing silly things like sending passwords and ids to and fro and other data in the clear.
Typically you are going to store some sort of token on the client, and keep track of that token on the server. No need to store anything else on the client at all.
3. Leading into the last question, how big? As big as you want, provided you aren't shoving all this data down to the client.
michael-lane
05-21-2006, 01:26 PM
Right, I hope this clears things up: I use PHP sessions. I don't want to store much on the client, I just wanted to know what the limit was so my script runs smoothly. As to sessions carrying on after they completely reboot and stuff, how do you do that?
mwatkins
05-21-2006, 09:20 PM
The usual approach is to set a cookie expiration date out into the future - but the actual implementation will depend some on what your application needs and does.
If it's a database app you'll probably end up implementing some sort of table-driven session scheme, overriding PHP's default session handlers. If you google on the topic you'll find implementations of same.
In PHP as in most languages there is much reinventing of the wheel when it comes to sessions.
Philio
05-21-2006, 09:23 PM
PHP sessions have a set timeout, probably in php.ini somewhere. If you want to customise this you could use a custom session handler.
Marble
05-22-2006, 12:20 AM
If you put session_start() in your script, the PHP session will end when you close the browser. When you go to the site again it will create a new session with a new session ID.
There is also a default timeout for sessions.
Cookie sessions are stored on the PC; session data will also be stored on the server, usually in /tmp (on a Linux/Unix server). But this can be changed and you can also store sessions in a DB.