hassank1 Posted April 4, 2008 Share Posted April 4, 2008 which better to use for a login system ... sessions or cookies ..? and what's the pros and cons of each !? Quote Link to comment Share on other sites More sharing options...
Coreye Posted April 4, 2008 Share Posted April 4, 2008 You may want to read some posts on these threads: http://www.phpfreaks.com/forums/index.php/topic,136831.0.html http://www.phpfreaks.com/forums/index.php/topic,185582.0.html http://www.phpfreaks.com/forums/index.php/topic,99899.0.html http://www.phpfreaks.com/forums/index.php/topic,174662.0.html http://www.phpfreaks.com/forums/index.php/topic,127092.0.html Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted April 4, 2008 Share Posted April 4, 2008 Sessions: stored on the server Cookies: stored on the client's machine. If you would like people to remain logged in whever they come to your website, use cookies. Otherwise use sessions. Sessions usually set a cookie however, to track the session ID. This can be parsed around in the URL though. As was mentioned, it's probably best you do some reading. Quote Link to comment Share on other sites More sharing options...
hassank1 Posted April 4, 2008 Author Share Posted April 4, 2008 thx for the help..am checking the topics .. however does sessions have security exploits? Quote Link to comment Share on other sites More sharing options...
ohdang888 Posted April 4, 2008 Share Posted April 4, 2008 as far as i know.... sessions actually have less security things... Cookies are stored on the use computer, so thy(hackers) can get in and change the cookies really easy... Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted April 4, 2008 Share Posted April 4, 2008 Indeed. The main security issue with sessions occurs when you allow the session ID to be passed around in the URL. What happens is that people may give someone else a link, not realising their session ID is in that link. The person that recieves the link then becomes logged in. Hence why this option is generally disabled. Quote Link to comment Share on other sites More sharing options...
bryan52803 Posted April 4, 2008 Share Posted April 4, 2008 In short, both. This is the most secure way, in my opinion. Use sessions, but store the session ID in the cookie. Session propagation through URL, as described above, has security risks. Storing session data in a cookie has its equally dangerous implications, if someone is able to steal the cookie. So store the session data on the server however you choose, and keep track of session ID's to correspond to the data in their cookies. Bryan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.