That should be the same there.
So there's our session, and away we go.
So if we hit a form, we send in post data, and session start,
whether it's a get or a post, session [SOUND] start [SOUND] looks for
those things and away you go, okay?
So then what happens is if we click the button,
in this case I click the GET request, okay?
And we've added one in the session, so it's now one and away you go.
And you can see the only kind of compromise that you
have is on GET request, you see the session ID.
On a POST request, you don't because it's hidden,
but there's no way to hide it from a GET request.
So that's basically how you do cookieless [SOUND] sessions.
And that's just a whoosh by.
You can read up on how that works on the Internet.
Session ID isn't in everything.
It's not automatically added.
But basically hrefs in forums, they get added automatically.
We'll learn sometimes while we're talking to URLs that are not just hrefs or forms.
But basically the URL, we've revealed that and if you like copy and
paste the URL, you got other ways to have to protect the session
because it's revealed to the user and they might bookmark it.
And so if you're going to do these cookieless sessions,
there is few more things that you have to learn.
Okay, but for 99% of you, we're going to use cookies to do sessions.
Sessions and cookies work really well in PHP with a dollar underscore cookie,
the set cookie call, the dollar underscore session, and the session start, and
the session destroy make things happen really easily.
And so up next,
we're going to learn a lot more about what we might do with these sessions in PHP.