The purpose of using both cookies and sessions vs only cookies?

[skyhrg]

Hi,

 

I'm reading Head First PHP and the book talks about how superior the persistence is for using both cookies and session variables by resetting the session variables from existing cookie variables when you open up the browser again. 

 

But when you think about it, what's the point of using sessions again in addition to cookies, if when you're using both the cookies are already exposed? That is, I'm not talking about session ID cookies here, I'm talking about just copying the cookie variables straight onto the session variables - not getting an address or anything like that. 

 

Hope I made the question clear enough, thanks!

[requinix]

There's no point to storing the same thing in both cookies and the session, if that's what you're thinking about.

 

You "need" a cookie to use sessions, since that's how PHP knows which session data to get. Cookie data is available for the user to add, edit, and delete at their whim, while session data is not. Cookies are transmitted over the Internet and can thus be eavesdropped upon (if you're not using SSL), sessions are not.