[development] session questions

Dave Cohen drupal at dave-cohen.com
Fri Oct 17 18:42:13 UTC 2008


Hi, I'm hoping someone understands sessions better than I do and can help me 
out.  I'm noticing different behavior across browsers and I'm having trouble 
groking it.

I'm serving a page with a form, and that form has an autocomplete field.  So my 
drupal gets an initial request for the page, then subsequent requests for the 
autocomplete callback.  I'm testing with Firefox and IE right now, and here's 
what I observe....

1) Across all browsers and requests, the session_name() is the same.  I 
believe this is because drupal computes a session name in conf_init().  The 
name depends on the URL only and not the browser.  Am I correct so far?

2) From Firefox, the initial page request and subsequent autocomplete 
callbacks have the same session_name AND session_id.  In other words the 
session cookie's name and value remain the same.  The effect of this is that 
$_SESSION is shared between the normal page request and the ajax requests.

3) From IE7, the session_name remains the same across all requests, but the 
session_id() of the initial page request is different from the ajax callbacks.  
In other words the session cookie's value changes.  So $_SESSION is not 
shared.  Is this what I should be seeing?

4) Also from IE7, the session_id is new for ajax callbacks, yet drupal somehow 
knows which user is logged in.  That is $_SESSION is not shared with the 
original page request, but the global $user is set correctly.  How is this 
happening?  Doesn't Drupal rely on the session_id to determine the user?  
Since session_id has changed shouldn't drupal think the ajax request is 
anonymous?

Is what I'm seeing the way things are supposed to be, or have I somehow 
screwed up my install?

Thanks,

-Dave



More information about the development mailing list