Seesions or cookies?

[dreamwest]

Ive been using cookies pretty heavily to acces certain areas of my site but i want to convert them to sessions instead.

 

Thought i would ask here before i did anything - which is better. I know ppl can sometimes have thier browsers to not accept cookies, but is that the only drawback to using cookies?

[Wolphie]

Other websites could quite possibly access your cookies (which is bad if they contain user sensitive information).

 

Facebook, for example have a few 'open' cookies where they're accessed by many websites you may visit.

[GingerRobot]

I know ppl can sometimes have thier browsers to not accept cookies

 

Session IDs are, by default, stored in a cookie anyway. Unless you start passing the session ID around in the URL, you're still relying on the user having cookie support enabled. And if you do pass it around in the URL, you increase the risk of session hijacking.

 

Use cookies only to store things you want to store between visits to your site. I.e. if you want a remember me function then you'll be needing cookies. Otherwise, use sessions.

[PFMaBiSmAd]

All cookies are domain specific. There is no such thing as an "open" cookie that is sent by the browser to all domains.

[Daniel0]

Sessions give you control over how to store the data. The only thing the user will then be responsible for storing is their own session identifier.

[Wolphie]

All cookies are domain specific. There is no such thing as an "open" cookie that is sent by the browser to all domains.

 

So then how does Facebook store cookies that enables other websites to identify your Facebook identity?