I always understood that the session ID is stored in a cookie, but if cookies aren't supported by the user's browser for whatever reason, then PHP would be able to automatically fall back to using the query string.

Looking through some of the documentation today, I can't work out if this is the case or not. Lots of people are passing SID explicitly in the links between pages, which I'd always assumed wasn't necessary.

Tested it, the browser uses the cookie by default to remember its session. If the browser has cookies disabled, you need to pass allong the session id in the url to keep the session alive.

Tested using the following code:


<?php
session_start();
$hitcounter = $_SESSION['hitcounter'];
$hitcounter += 1;
$_SESSION['hitcounter'] = $hitcounter;

echo "you have visited this page $hitcounter times <br/>";
echo "<a href='?".session_name()."=".session_id()."'>click here to keep the session alive if you have cookies disabled</a>";
?>


can be tested here http://pc.rvgate.nl/kirupa/sessiontest.php

they also mention here (http://www.php.net/manual/en/function.session-id.php) (first comment) that the constant SID should be available.. but i didn't get that working for some reason... meh