User title: UNB developer & webmaster
Member since Jan 2004 · 3855 posts · Location: Erlangen, Germany
Being logged in and a session's lifetime are two different things. You start a new session every time your browser doesn't hold the previous session's ID cookie anymore. Then, PHP's default behaviour is to start a new session. Since the auto-login cookie, controlled by UNB, is longer-lived, it will still be present in the browser and already be sent to the server with the first request. With this login cookie, you are logged in immediately; you won't notice any of that. But since PHP doesn't know if your browser accepts cookies*, it must assume that it doesn't and include a session ID URL parameter with every link on that page so as not to lose the ID of the new session. Only at the second request can PHP see whether your browser came back with the session cookie and drop that additional parameter for subsequent requests. This is why you see the session ID in links only on the first page requested in a while.
*) Now that I'm explaining this, I see that there is a way to detect if the browser supports cookies: the auto-login cookie. Since I copied that PHP mechanism into my code, I have some influence on it, so I can decide whether to include that parameter or not. When a login cookie is already present, I could decide not to include the parameter. This will of course only work for registered, logged-in users with auto-login enabled.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
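The decision described in the post above, as an added example that is not the poster's or UNB's own code: it compares the default fallback with the proposed login-cookie check over three constructed requests. The cookie name `unb_login`, the URL `forum.php?id=1` and both helper functions are assumptions made for illustration.

```php
<?php
// Added illustration; cookie names, URL and requests are constructed, not taken from UNB.
const SESSION_COOKIE = 'PHPSESSID';  // PHP's default session.name
const LOGIN_COOKIE   = 'unb_login';  // hypothetical auto-login cookie name

// Decide whether links on this page must carry the session ID.
// $cookies is the cookie array of the current request (e.g. $_COOKIE).
function link_needs_sid(array $cookies, bool $useLoginCookieHint): bool
{
    if (isset($cookies[SESSION_COOKIE])) {
        return false; // browser returned the session cookie: cookies work
    }
    if ($useLoginCookieHint && isset($cookies[LOGIN_COOKIE])) {
        return false; // any cookie coming back proves cookie support
    }
    return true;      // cookie support unknown: fall back to the URL parameter
}

// Append the session ID to a link only when the decision above requires it.
function build_link(string $url, string $sid, bool $appendSid): string
{
    if (!$appendSid) {
        return $url;
    }
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . rawurlencode(SESSION_COOKIE) . '=' . rawurlencode($sid);
}

$sid = bin2hex(random_bytes(16)); // constructed session ID for the demo

// Constructed requests: [description, cookies sent by the browser]
$requests = [
    ['first request, guest, no cookies',          []],
    ['first request, auto-login cookie present',  [LOGIN_COOKIE => 'token']],
    ['second request, session cookie returned',   [SESSION_COOKIE => $sid]],
];

foreach ([false, true] as $hint) {
    echo $hint ? "With login-cookie check:\n" : "Default behaviour:\n";
    foreach ($requests as [$label, $cookies]) {
        $link = build_link('forum.php?id=1', $sid, link_needs_sid($cookies, $hint));
        printf("  %-42s %s\n", $label, $link);
    }
}
```

Every link that carries the ID also puts it into browser history, server logs and Referer headers, so the second run exposes it on fewer pages. PHP's built-in version of this fallback is governed by the `session.use_only_cookies` and `session.use_trans_sid` settings.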