Jump to content

About cookies and sessions

corrupshun

By corrupshun
in PHP Coding Help

Recommended Posts

corrupshun Member

corrupshun

Posted
Posted

While programming website i often wonder if I should use both sessions and cookies, just in case that the cookies are disabled.

Also I was reading a php book (PHP in a Nutshell) and it said cookies are very insecure and can be edited to send false information to my server, because malicious users can edit them. I knew I could edit them but I didn't know I could hack them! Is this true?

My third question is what I store in cookies when using a login script. (my current one sets the username as a cookie.)

Thanks.

Link to comment
https://forums.phpfreaks.com/topic/193281-about-cookies-and-sessions/
Share on other sites
Fergal Andrews Newbie

Fergal Andrews

Posted
Posted

Hi corrupshun,

Cookies and Sessions are useful for different things. The advantage of cookies is that they can persist after the user has closed their browser. Generally, sessions are more reliable because the user can turn off cookies so you can't depend on the data they contain, though very few people actually do that. Some complex server environments where you may have many load balanced servers and proxy servers can make the use of sessions unreliable. I have done quite a bit of work for the BBC and within their complex server environment, session data can get lost. It really comes down to a judgement call as to which suits the job you are doing best. If you are in doubt then both is the safest option.

Fergal

corrupshun Member

corrupshun

Posted
  • Author
Posted

Hi corrupshun,

Cookies and Sessions are useful for different things. The advantage of cookies is that they can persist after the user has closed their browser. Generally, sessions are more reliable because the user can turn off cookies so you can't depend on the data they contain, though very few people actually do that. Some complex server environments where you may have many load balanced servers and proxy servers can make the use of sessions unreliable. I have done quite a bit of work for the BBC and within their complex server environment, session data can get lost. It really comes down to a judgement call as to which suits the job you are doing best. If you are in doubt then both is the safest option.

Fergal

thank you for the response but it didn't quite answer my question  ;)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.