Jump to content

Using GET vs. SESSION?


galvin

Recommended Posts

I am building an app (PHP and MySQL)and I had been using a lot of GET calls to get info from URLs, but the more I thought about it, the more I didn't like the possibility of people being able to mess with the URLs.  So I am in the process of changing everything to use SESSION variables to store data across pages, rather than GET.  The way I see it, SESSION variables are completely behind the scenes so they seem to be the better option.  Am I right, or is GET better than SESSION for some reason?

 

Link to comment
Share on other sites

To me here is my outlook on them.

 

Post is good for hiding information.

Get is good for permanent bookmarking and different options.

Session is good for storing temporary information per user and across pages.

 

That's just my short summed up opinion of them.

Link to comment
Share on other sites

Just wanted to add something.

 

On any type of user input or values, you should be checking the inserted values, if and only then if they match execute your scripts. Otherwise give them a default script, page to go to or a message.

 

If you follow that above they can type just about anything in the address bar ..but it wouldn't do anything.

Link to comment
Share on other sites

Yes that's pretty much right.  Session data can't be altered directly, so it's good for storing things like the user id of the currently logged in user, and remembering if they have administrator access or normal user access.  Things like the forum topic being viewed are fine to have in get or post, as they are intended to be changed by the user.  You can still validate them against the user id in the session to make sure that user has permission to view that topic, for example.

 

To add to what QuickOldCar said, GET is good for things where it doesn't matter if they are done twice, like viewing a topic.  POST is good for things which should be done once only, like submitting a new topic.

Link to comment
Share on other sites

GET and POST are supposed to be used according to what the words mean in English.

 

GET is used for non-mutable requests, such as retrieving data.

POST is used for mutable requests, such as, well, posting data.

 

Sessions aren't part of HTTP, but are used to keep information 'alive' between HTTP requests.

 

Things get a lot simpler when you code with semantics in mind.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.