Best practices with sessions

Prompted by a recent occasion, a few words about sessions today. What sessions are and how to configure and start them in PHP should be clear to every PHP developer. Beyond that, however, there are a few tricks that not everyone may have in mind. In my opinion, these include the following points:
Sessions should only be started when a user submits a POST form (e.g. a login). This applies in particular when the session is tracked with trans_sid (as a GET parameter) even without cookies. This is important because otherwise search engines unintentionally start sessions and index the same pages multiple times because of the differing IDs.
Sessions should be ended once they are empty, e.g. after a logout or when all items have been removed from the shopping cart in a shop. Among other things, this improves performance, because the corresponding temporary file on the server is deleted.
If trans_sid is used, the session ID must be appended manually to URLs set in JavaScript (e.g. document.location.href), because the PHP parser does not understand JavaScript; without a cookie, the session would otherwise be lost.
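
The three points above in PHP, as an added example that is not part of the original post. The function names and the /cart.php URL are assumptions, and trans_sid is assumed to be enabled as described.

```php
<?php
// Added example: function names and the '/cart.php' URL are hypothetical.

// Point 1: resume a session only if the client already sent an ID
// (cookie or trans_sid GET parameter); create a new one only on POST.
function start_session_if_needed(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    $name   = session_name();
    $hasId  = isset($_COOKIE[$name]) || isset($_GET[$name]);
    $isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
    return ($hasId || $isPost) ? session_start() : false;
}

// Point 2: end the session as soon as nothing is stored in it.
function close_session_if_empty(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE || !empty($_SESSION)) {
        return;
    }
    if (isset($_COOKIE[session_name()])) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // deletes the server-side session file
}

// Point 3: the URL rewriter does not touch JavaScript, so add the ID by
// hand when no session cookie came back, then emit a safe JS string literal.
function js_url(string $url): string
{
    $name = session_name();
    if (session_status() === PHP_SESSION_ACTIVE && !isset($_COOKIE[$name])) {
        $url .= (strpos($url, '?') === false ? '?' : '&')
            . rawurlencode($name) . '=' . rawurlencode(session_id());
    }
    return json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

start_session_if_needed();
// ... handle login, logout or cart changes here, modifying $_SESSION ...
close_session_if_empty();
?>
<script>document.location.href = <?= js_url('/cart.php') ?>;</script>
```

Both session calls must run before any output is sent, since starting a session and expiring its cookie set HTTP headers.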