modifying session-cookies as client

nozzle

5:15 pm on Jul 25, 2003 (gmt 0)



hi there.

i need to modify a cookie which expires at the end of the session. common browsers do not seem to save session-cookies to harddisk, so there's no way of editing in a conventional way.

does anyone know a browser which does save session-cookies to harddisk or how to manage this with mozilla / opera / whatever?

if not, are there programs which let you search for certain strings in ram (and change these)?

any other ideas?

thanks a lot.

devvie

6:48 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



As far as I know 'session' means a session on the web server. So only an application at the server can create and change the session variables (temporary cookies). And they are stored in memory server-side.

So what you want - having the client change such a session variable - is impossible. And it should be, because sessions are meant for the website owner to control, up to a certain degree, the circumstances in which some parts of his website will perform for the client or not.

<John DeVie />

nozzle

7:19 pm on Jul 25, 2003 (gmt 0)



yeah, but for the server to recognize you, the sessionid of your 'session on a web server' has to be stored on your pc, too, somehow. this can be done by the use of cookies. the 'session-cookies' i referred to (which can or cannot contain a sessionid, but in most cases they will) expire (get deleted) at the end of the session (browser closing down). for the normal websurfer there is no need to change anything there, but just in case you wanted to, how could it be done?

i don't want to mess around with sessionids anyways, but sometimes there are other values in this kind of cookies, too, which someone might want to change.

thanks.

Gibble

7:21 pm on Jul 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



it's all stored on the webserver, not the client.

nozzle

7:32 pm on Jul 25, 2003 (gmt 0)



you wouldn't get a cookie, if everything was stored on the webserver only. of course the sessionid is stored on the webserver, but also on your machine.

Gibble

7:45 pm on Jul 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So what valid reason would you NEED to change the session ID?

I can only think of malicious intentions.

devvie

7:47 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



Yeah, you're right. The temporary cookie is stored on the client-pc.

But still, they were never meant to be changed, in any way, by the client. Sure, it must be possible to change it client-side, because every string of bits in memory, whether on your hard disk or your RAM, can be read and changed. But that must be considered as hacking/cracking which isn't exactly what these forums are for, is it?

<John DeVie />

nozzle

7:48 pm on Jul 25, 2003 (gmt 0)



as i've stated earlier, i don't want to change a sessionid. in these temporary cookies other things can be stored, too, since it's a regular cookie only with special expiration.

nozzle

7:50 pm on Jul 25, 2003 (gmt 0)



not everything your browser doesn't let you do by default is necessarily 'evil'.

Gibble

7:53 pm on Jul 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You aren't listening.

A SESSION ONLY STORES A SESSION ID, NOTHING MORE ON YOUR PC.

ALL THE SESSION DATA IS STORED ON THE SERVER.

So the only thing you could be looking to change is the Session ID, and there is no VALID reason to do so.

If you can give a REAL example of what and why you would need to change this, by all means, do so.

nozzle

8:21 pm on Jul 25, 2003 (gmt 0)



you aren't listening.

again: i'm referring to a "session-cookie" as a cookie which gets deleted when the session ends. these can contain sessionids, but sometimes it is used for storing other information as well.

i can't give you a 'REAL' example, just asking for a general way to edit these. finally it's information stored on MY pc.

gph

8:35 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



I can think of a few reasons. One being just curiosity. I can't see the harm in seeing/manipulating something that shouldn't contain sensitive info.

I've never worked with cookies but wouldn't IE have the cookie available in the temp folder while the site is opened in the browser?

nozzle

8:51 pm on Jul 25, 2003 (gmt 0)



well. i've tried a full-text search on c: while mozilla, opera and internet explorer had such a temporary cookie in memory. no results. so it has to be stored in ram, i guess.

at least mozilla lets you see the content of the cookie, but you can't change it. edit: opera does, too.
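
The thread ends up agreeing that a session cookie is held on the client and that any value in it can be changed there, so a server that stores more than a session ID in such a cookie has to verify the value itself. As an added example (not code from any poster in this thread), the Python below issues a session cookie carrying an HMAC tag and rejects a value that was altered client-side; the cookie name `tier`, its values and `SERVER_KEY` are constructed for illustration.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed key for this example; a real server loads a random secret from its configuration.
SERVER_KEY = b"constructed-example-key"


def _mac(name: str, value: str) -> str:
    # Bind the tag to the cookie name so a signed value cannot be moved to another cookie.
    msg = name.encode() + b"=" + value.encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def issue_session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie value. No Expires/Max-Age is set, so the browser
    treats it as a session cookie and drops it when it closes."""
    cookie = SimpleCookie()
    cookie[name] = f"{value}.{_mac(name, value)}"
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = True
    return cookie[name].OutputString()


def read_cookie(cookie_header: str, name: str):
    """Return the value if its tag verifies, or None if it is missing or was altered."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if name not in jar:
        return None
    value, sep, tag = jar[name].value.rpartition(".")
    if not sep:
        return None  # no tag at all: not a cookie this server issued
    expected = _mac(name, value)
    # Constant-time comparison on bytes; also copes with non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return value


if __name__ == "__main__":
    header = issue_session_cookie("tier", "basic")
    sent_back = header.split(";")[0]  # what the browser returns in Cookie:
    print(header)
    print(read_cookie(sent_back, "tier"))
    print(read_cookie(sent_back.replace("basic", "premium"), "tier"))
```

The tag only detects changes; the value is still readable on the client, so anything that must stay private belongs in server-side session storage keyed by the session ID.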