which is better, Session or Cookies?

[abdfahim]

Hi, plz tell me which is better process for user login in a website, Session or Cookies. If Cookies is better, then plz give any link where I can find easy and vivid knowledge for implementing cookies login system in my site. Btw, at present I am using Session for login system in my site.

[Petty_Crim]

Hi, please tell me which is better process for user login in a website, Session or Cookies. If Cookies is better, then please give any link where I can find easy and vivid knowledge for implementing cookies login system in my site. Btw, at present I am using Session for login system in my site.

I'm pretty sure all the php forums use sessions for the login, you can use cookies for remembering a username in the input box but I'd say Session is best for actual login.

[tippy_102]

Depends upon your definition of "better".

 

Do you want your users to remain logged in when they visit your site a day or two later?  If yes, then use cookies.

 

Here's some good reading on the subject:

http://hudzilla.org/phpwiki/index.php?title=Cookies_and_sessions

 

 

 

[abdfahim]

thanx guys for your comments. plz help me a bit more.

 

The problem is, whenever I login in my site and do nothing for some time (like 1 minute), it automatically logged out. So, after some time, when I wanted to go to another page, it again ask to login.

 

I want that, as long as browser is open, or some one intentionally logged out, he remains log in. To do that, which session function should I use? At present, I use nothing but Session_Start.

[mmarif4u]

I am agree with Petty_Crim.

I always use sessions for my login pages.

Session is preferred by all php developers.

 

[mmarif4u]

Session_start(); is used on every page you want the user to logged in.

I think the prob is in ur coding.

Can u post some sort of coding where u get the login page again.

[abdfahim]

I use the following code in the top of each page.

 

if (!isset($_SESSION)) {
session_start();
}

 

Nothing related to Session is there in my code. Now, why should the session will be expired automatically?

[mmarif4u]

Just try this simple code and let me know.

Remember that session_start() will go very top of the page like:

 

 
<?php
session_start();
Rest of ur code
?>

[abdfahim]

You know, I have to change lots of pages. Anyway, I will do that. But, isn't there any problem if I use Session_Start() when a session is already started?

[mmarif4u]

Session will start, when u include session_start in every page.Untill that session is not started for that page.

[Daniel0]

I am agree with Petty_Crim.

I always use sessions for my login pages.

Session is preferred by all php developers.

 

Would you then explain to me how you would keep the user logged in even AFTER they've closed the browser? That can only be done using cookies. Besides, how can you say that all PHP developers prefer sessions?

[DeathStar]

I prefer cookies.

The only downfall in them is you have to either encrypt the data or use a special way to identify them.

And then also you can set them for how long you want and they will stay until that time.

[mmarif4u]

Would you then explain to me how you would keep the user logged in even AFTER they've closed the browser? That can only be done using cookies. Besides, how can you say that all PHP developers prefer sessions?

 

1st of all every body if u r a programmer would know what is session and what is cookie,

It depends on the person either he want to store the data on client pc or not. i will not store personally.

I say "that all PHP developers prefer sessions" It does not mean that you, if you dont want to store it in sessions, use cookies.

That was my opinion.

Every body know (who know session and cookies) that after closing browser the session data is destroyed , cookie one remain.

I did not say the session store the info after closing browser, I say that depends on the person.

Hope u will understand what i want to say.

[mmarif4u]

I prefer cookies.

The only downfall in them is you have to either encrypt the data or use a special way to identify them.

And then also you can set them for how long you want and they will stay until that time.

Now it depends on the person who prefer which one.

As Deathstar describe,

cookie are more vulnerable u have to use secure way to protect cookies, while sessions are a little bit secure than cookies.

Now if some one use that pc and enter to the login pages for a that user who store his information cookies than???

 

[DeathStar]

You do know how sessions actually work do you?

It's a little file in your TEMP folder.

 

Usaully something like this:

session. ----

[mmarif4u]

Yes Deathstar i am agree with you 1st of all if some one want to use session or cookies he or she must know what is the function of both,

I know that where it is saving temporary their files(Php temp folder). Also u can change that to ur desire folder using php.ini session_save_path, something like that in php.ini.

[abdfahim]

Dear mmarif4u, I have an information for you. I have Apache 2.0.54, php 5.2.3 and mysql 4.1.20 installed in my PC. I never face any problem when testing in my PC. But when I upload my files in the server (configuration: mysql 5.0.41, php 5.2.3), the session automatically expires after some time whether I close the browser window or not. Now what may be the problem?

[mmarif4u]

It depends on ur scripts, whether u use cookie or sessions.

If sessions i think i already mention that change ur script a little bit to work properly.

As code i write in previous posts.

Just try on 2 or 3 pages not on all if u have alot of pages to edit.

If that works than change ur scripts step by step to work properly.

If this does not work than please post the code any one of the pages .

we will try to solve ur problem.

If have local machine running these softwares then try on that dont try it 1st on live server, this is my suggestion.

Bcoz i test my pages locally 1st, if it works than i upload to live server.

Hope this will help you a little.

Regards

[sayedsohail]

well, its seems a very interesting topic, i do have a question friends,  i have some weird problem using sessions.

 

sessions always rejects my first login attempt and and on IInd attempt with same login details i can loginin. I am not sure if i am only person having this problem.

 

 

[tippy_102]

Dear mmarif4u, I have an information for you. I have Apache 2.0.54, php 5.2.3 and mysql 4.1.20 installed in my PC. I never face any problem when testing in my PC. But when I upload my files in the server (configuration: mysql 5.0.41, php 5.2.3), the session automatically expires after some time whether I close the browser window or not. Now what may be the problem?

 

Your server must have a different session maxlifetime setting that on your PC.

 

Look for session.gc_maxlifetime in your php.ini - make the settings identical on your server and PC, then your PC testing will be a more accurate representation of what you will get on your server.

 

 

[abdfahim]

thanx tippy_102, I was expecting something like that. But the problem is how can I know the session maxlifetime of the server??

[abdfahim]

Sorry, I forgot to ask something.Can't I ignore the session.gc_maxlifetime setting in the server through my php coding and set my own setting for the page?

[tippy_102]

But the problem is how can I know the session maxlifetime of the server??

 

phpinfo() will answer that question

 

 

[mmarif4u]

@tippy_102 may i know what will be the default value for session.gc_maxlifetime in php 5.0 and above.

Or it will be different for each user while the version will be the same.

Any idea.

[Daniel0]

@tippy_102 may i know what will be the default value for session.gc_maxlifetime in php 5.0 and above.

Or it will be different for each user while the version will be the same.

Any idea.

 

It's 1440: http://php.net/ref.session