Jump to content

Cookies or sessions?


Hazukiy

Recommended Posts

Hi, I'm trying to create a login form so that when a user logs in, they stay logged in and I'm wondering, which is better to use? The cookie method by doing: setcookie 

or the session_start() method? So far I've been unsuccessful with the session_start(); method. Any suggestions? Thanks.

 

 

 

Link to comment
Share on other sites

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

Link to comment
Share on other sites

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

 

I was wondering is there a different between the two and I have a small knowledge of sessions but none of cookies, I was hoping to have a better understand of differences of the two.

Link to comment
Share on other sites

you didn't answer litebearer's question.

 

You "say" that you have been unsuccessful using session_start(). What does that mean? You already have a clear understanding of the difference between setting a cookie and setting a session variable and their lifetimes. What is it you seek?

 

Do you realize that simeonC is not the OP?

Edited by Psycho
Link to comment
Share on other sites

Hi, I'm trying to create a login form so that when a user logs in, they stay logged in and I'm wondering, which is better to use? The cookie method by doing: setcookie 

or the session_start() method? So far I've been unsuccessful with the session_start(); method. Any suggestions? Thanks.

 

What errors are you getting. Sessions are more secure, and are saved in the server, not on the clients browser.

What errors are you getting? Copy and paste the code you are using.

Link to comment
Share on other sites

What errors are you getting. Sessions are more secure, and are saved in the server, not on the clients browser.

What errors are you getting? Copy and paste the code you are using.

<?php
  session_start();
  $_SESSION['user_id'];
?>

Then I use this to check if the session is valid but it doesn't really work.

<?php 
if(isset($_SESSION['user_id']))
{
   include 'profile-c';
}
else
{
   echo 'Nope.';
}
?>
Link to comment
Share on other sites

using a session variable to indicate if a visitor is logged in uses php's built in session management. php will set the session id cookie and manage the saving and retrieval of the session data on the server that corresponds to that session id. all you do in your code is set/unset and test the session variable.

 

using a cookie to indicate if a visitor is logged in requires that you manage all the steps in your code. your code will generate a unique token and store it in a cookie and in the row for that user in your user database table; will test if the cookie has been sent to the server and will query the user table to find the user that unique token from the cookie corresponds to in order to determine if the user can access any particular resource.

 


 

the code you posted above isn't setting the session variable to anything. just listing a variable on a line doesn't do anything to its value.

Link to comment
Share on other sites

using a session variable to indicate if a visitor is logged in uses php's built in session management. php will set the session id cookie and manage the saving and retrieval of the session data on the server that corresponds to that session id. all you do in your code is set/unset and test the session variable.

 

using a cookie to indicate if a visitor is logged in requires that you manage all the steps in your code. your code will generate a unique token and store it in a cookie and in the row for that user in your user database table; will test if the cookie has been sent to the server and will query the user table to find the user that unique token from the cookie corresponds to in order to determine if the user can access any particular resource.

 


 

the code you posted above isn't setting the session variable to anything. just listing a variable on a line doesn't do anything to its value.

 

Ah this makes much more sense now, thanks a lot. So what I need to do is create an ID for the session to bind to and test weather that ID is equal to true when they try to log in? 

Link to comment
Share on other sites

Ah this makes much more sense now, thanks a lot. So what I need to do is create an ID for the session to bind to and test weather that ID is equal to true when they try to log in? 

 

You need to assign a value to the super global $_SESSION.  You should first test this out by doing the following.

Create a variable named $id and assign to 1

 

For example

 

$id = 1;

$_SESSION['user_id'] = $id;

echo $_SESSION['user_id'];

 

So pretty much you need to first assign something to the $_SESSION super global before calling it or using it on other pages. After you have done that you can then use session_start() on other pages.

 

Hope this helps.

Link to comment
Share on other sites

You need to start the session every time you wanna use it. Probably you're not getting any data on the second file due to it missing a session_start();

<?php 

session_start();

if(isset($_SESSION['user_id']))
{
   include 'profile-c';
}
else
{
   echo 'Nope.';
}
?>
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.