Cookies or sessions?

[Hazukiy]

Hi, I'm trying to create a login form so that when a user logs in, they stay logged in and I'm wondering, which is better to use? The cookie method by doing: setcookie 

or the session_start() method? So far I've been unsuccessful with the session_start(); method. Any suggestions? Thanks.

 

 

 

[litebearer]

what error(s) are you getting when using sessions? (show the code that is failing)

[simeonC]

it depends Sessions are destroyed When the browser is closed cookies are saved on the users pc. to my knowledge

[ginerjm]

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

[Hazukiy]

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

 

I was wondering is there a different between the two and I have a small knowledge of sessions but none of cookies, I was hoping to have a better understand of differences of the two.

[Psycho]

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

 

Do you realize that simeonC is not the OP?

Edited June 19, 2013 by Psycho

[eldan88]

Hi, I'm trying to create a login form so that when a user logs in, they stay logged in and I'm wondering, which is better to use? The cookie method by doing: setcookie 

or the session_start() method? So far I've been unsuccessful with the session_start(); method. Any suggestions? Thanks.

 

What errors are you getting. Sessions are more secure, and are saved in the server, not on the clients browser.

What errors are you getting? Copy and paste the code you are using.

[Hazukiy]

What errors are you getting. Sessions are more secure, and are saved in the server, not on the clients browser.

What errors are you getting? Copy and paste the code you are using.

<?php
  session_start();
  $_SESSION['user_id'];
?>

Then I use this to check if the session is valid but it doesn't really work.

<?php 
if(isset($_SESSION['user_id']))
{
   include 'profile-c';
}
else
{
   echo 'Nope.';
}
?>

[mac_gyver]

using a session variable to indicate if a visitor is logged in uses php's built in session management. php will set the session id cookie and manage the saving and retrieval of the session data on the server that corresponds to that session id. all you do in your code is set/unset and test the session variable.

 

using a cookie to indicate if a visitor is logged in requires that you manage all the steps in your code. your code will generate a unique token and store it in a cookie and in the row for that user in your user database table; will test if the cookie has been sent to the server and will query the user table to find the user that unique token from the cookie corresponds to in order to determine if the user can access any particular resource.

 

---

 

the code you posted above isn't setting the session variable to anything. just listing a variable on a line doesn't do anything to its value.

[Hazukiy]

using a session variable to indicate if a visitor is logged in uses php's built in session management. php will set the session id cookie and manage the saving and retrieval of the session data on the server that corresponds to that session id. all you do in your code is set/unset and test the session variable.

 

using a cookie to indicate if a visitor is logged in requires that you manage all the steps in your code. your code will generate a unique token and store it in a cookie and in the row for that user in your user database table; will test if the cookie has been sent to the server and will query the user table to find the user that unique token from the cookie corresponds to in order to determine if the user can access any particular resource.

 

---

 

the code you posted above isn't setting the session variable to anything. just listing a variable on a line doesn't do anything to its value.

 

Ah this makes much more sense now, thanks a lot. So what I need to do is create an ID for the session to bind to and test weather that ID is equal to true when they try to log in? 

[eldan88]

Ah this makes much more sense now, thanks a lot. So what I need to do is create an ID for the session to bind to and test weather that ID is equal to true when they try to log in? 

 

You need to assign a value to the super global $_SESSION.  You should first test this out by doing the following.

Create a variable named $id and assign to 1

 

For example

 

$id = 1;

$_SESSION['user_id'] = $id;

echo $_SESSION['user_id'];

 

So pretty much you need to first assign something to the $_SESSION super global before calling it or using it on other pages. After you have done that you can then use session_start() on other pages.

 

Hope this helps.

[Csharp]

You need to start the session every time you wanna use it. Probably you're not getting any data on the second file due to it missing a session_start();

<?php 

session_start();

if(isset($_SESSION['user_id']))
{
   include 'profile-c';
}
else
{
   echo 'Nope.';
}
?>