As far as I know webapps use session_start();
that implicitly create the session cookie PHPSESSID to recognize his users,
but when analysing the outgoing HTTP requests toward differents web applications (yahoo, facebook, gmail, youtube) I didn't see this cookie in the HTTP header but another ones :
sid, ssid, gmail_at, apisid, sapisid in gmail
datr, lu, c_user, xs, fr in facebook...
is one of these cookies is the same as PHPSESSID/JSESSID and they rename it ? (I don't think so, they don't have the same length)
is there another way that session_start()
and URL Rewriting to distinguish sessions ?
or they create manually the session IDs with setcookie();
? what is the advantage then ?