Jump to content

About cookies and sessions

corrupshun

By corrupshun
in PHP Coding Help

 Share

Recommended Posts

corrupshun Member

corrupshun

Posted
Posted

While programming website i often wonder if I should use both sessions and cookies, just in case that the cookies are disabled.

Also I was reading a php book (PHP in a Nutshell) and it said cookies are very insecure and can be edited to send false information to my server, because malicious users can edit them. I knew I could edit them but I didn't know I could hack them! Is this true?

My third question is what I store in cookies when using a login script. (my current one sets the username as a cookie.)

Thanks.

Link to comment
Share on other sites
Fergal Andrews Newbie

Fergal Andrews

Posted
Posted

Hi corrupshun,

Cookies and Sessions are useful for different things. The advantage of cookies is that they can persist after the user has closed their browser. Generally, sessions are more reliable because the user can turn off cookies so you can't depend on the data they contain, though very few people actually do that. Some complex server environments where you may have many load balanced servers and proxy servers can make the use of sessions unreliable. I have done quite a bit of work for the BBC and within their complex server environment, session data can get lost. It really comes down to a judgement call as to which suits the job you are doing best. If you are in doubt then both is the safest option.

Fergal

Link to comment
Share on other sites
corrupshun Member

corrupshun

Posted
  • Author
Posted

Hi corrupshun,

Cookies and Sessions are useful for different things. The advantage of cookies is that they can persist after the user has closed their browser. Generally, sessions are more reliable because the user can turn off cookies so you can't depend on the data they contain, though very few people actually do that. Some complex server environments where you may have many load balanced servers and proxy servers can make the use of sessions unreliable. I have done quite a bit of work for the BBC and within their complex server environment, session data can get lost. It really comes down to a judgement call as to which suits the job you are doing best. If you are in doubt then both is the safest option.

Fergal

thank you for the response but it didn't quite answer my question  ;)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.