COOKIE's or SESSION's?

[magnetica]

I am currently designing a member system for my site.

 

I was just wondering whether it's better to store them as logged in, in a cookie or a session?

[PhaZZed]

Sessions without a doubt.

[denechtew]

The big difference is that cookies are client-sided (process) and sessions are server sided processes.

 

(out my book):

Cookies have got a bad name when it's about privacy and safety. Old browsers can't work with cookies, modern browsers have got the option to hide them. Cause cookies are client sided you are never 100% sure that the data in a cookie original is. Maybe the user has been working (editing) on the cookie. So you need to check the data again. This is more codework.

 

Best regards,

 

denechtew

[magnetica]

Ok this is what i thought.

 

I downloaded a sample login system which uses cookies, but i have been modifying the whole script.

 

So should i use sessions for the periods that the user is logged in:

 

I.E. session variables set when user logs in. session cleared when they log out or are inactive for a certian amount of time.

 

A a very basic level, is the above example a good way?

[ToonMariner]

Sessions also use cookies and you may not be able to configure your server to work without them...

 

Its all a question of what data are you protecting - if there is nothing on your site that is sensitive like financial details then don't worry too much about security (by that I mean people seeing others details).

 

I personally use a method to help out those who may have their accounts hacked by storing their e-mail on registration in 2 fields

one can be altered teh other can't

whenever a user needs to reset their password and email is sent to the original registartion email - so if their account does get hacked they can get it back again.

 

if you are worried about storing certain data - don't ask for it - especially if you don't need it.