Jump to content

The purpose of using both cookies and sessions vs only cookies?


Recommended Posts



I'm reading Head First PHP and the book talks about how superior the persistence is for using both cookies and session variables by resetting the session variables from existing cookie variables when you open up the browser again. 


But when you think about it, what's the point of using sessions again in addition to cookies, if when you're using both the cookies are already exposed? That is, I'm not talking about session ID cookies here, I'm talking about just copying the cookie variables straight onto the session variables - not getting an address or anything like that. 


Hope I made the question clear enough, thanks!

Link to comment
Share on other sites

There's no point to storing the same thing in both cookies and the session, if that's what you're thinking about.


You "need" a cookie to use sessions, since that's how PHP knows which session data to get. Cookie data is available for the user to add, edit, and delete at their whim, while session data is not. Cookies are transmitted over the Internet and can thus be eavesdropped upon (if you're not using SSL), sessions are not.

Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.