[development] session questions
Dave Cohen
drupal at dave-cohen.com
Fri Oct 17 18:42:13 UTC 2008
Hi, I'm hoping someone understands sessions better than I do and can help me
out. I'm noticing different behavior across browsers and I'm having trouble
groking it.
I'm serving a page with a form, and that form has an autocomplete field. So my
drupal gets an initial request for the page, then subsequent requests for the
autocomplete callback. I'm testing with Firefox and IE right now, and here's
what I observe....
1) Across all browsers and requests, the session_name() is the same. I
believe this is because drupal computes a session name in conf_init(). The
name depends on the URL only and not the browser. Am I correct so far?
2) From Firefox, the initial page request and subsequent autocomplete
callbacks have the same session_name AND session_id. In other words the
session cookie's name and value remain the same. The effect of this is that
$_SESSION is shared between the normal page request and the ajax requests.
3) From IE7, the session_name remains the same across all requests, but the
session_id() of the initial page request is different from the ajax callbacks.
In other words the session cookie's value changes. So $_SESSION is not
shared. Is this what I should be seeing?
4) Also from IE7, the session_id is new for ajax callbacks, yet drupal somehow
knows which user is logged in. That is $_SESSION is not shared with the
original page request, but the global $user is set correctly. How is this
happening? Doesn't Drupal rely on the session_id to determine the user?
Since session_id has changed shouldn't drupal think the ajax request is
anonymous?
Is what I'm seeing the way things are supposed to be, or have I somehow
screwed up my install?
Thanks,
-Dave
More information about the development
mailing list