hassank1 Posted April 4, 2008 Share Posted April 4, 2008 which better to use for a login system ... sessions or cookies ..? and what's the pros and cons of each !? Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/ Share on other sites More sharing options...
Coreye Posted April 4, 2008 Share Posted April 4, 2008 You may want to read some posts on these threads: http://www.phpfreaks.com/forums/index.php/topic,136831.0.html http://www.phpfreaks.com/forums/index.php/topic,185582.0.html http://www.phpfreaks.com/forums/index.php/topic,99899.0.html http://www.phpfreaks.com/forums/index.php/topic,174662.0.html http://www.phpfreaks.com/forums/index.php/topic,127092.0.html Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509503 Share on other sites More sharing options...
GingerRobot Posted April 4, 2008 Share Posted April 4, 2008 Sessions: stored on the server Cookies: stored on the client's machine. If you would like people to remain logged in whever they come to your website, use cookies. Otherwise use sessions. Sessions usually set a cookie however, to track the session ID. This can be parsed around in the URL though. As was mentioned, it's probably best you do some reading. Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509513 Share on other sites More sharing options...
hassank1 Posted April 4, 2008 Author Share Posted April 4, 2008 thx for the help..am checking the topics .. however does sessions have security exploits? Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509542 Share on other sites More sharing options...
ohdang888 Posted April 4, 2008 Share Posted April 4, 2008 as far as i know.... sessions actually have less security things... Cookies are stored on the use computer, so thy(hackers) can get in and change the cookies really easy... Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509571 Share on other sites More sharing options...
GingerRobot Posted April 4, 2008 Share Posted April 4, 2008 Indeed. The main security issue with sessions occurs when you allow the session ID to be passed around in the URL. What happens is that people may give someone else a link, not realising their session ID is in that link. The person that recieves the link then becomes logged in. Hence why this option is generally disabled. Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509576 Share on other sites More sharing options...
bryan52803 Posted April 4, 2008 Share Posted April 4, 2008 In short, both. This is the most secure way, in my opinion. Use sessions, but store the session ID in the cookie. Session propagation through URL, as described above, has security risks. Storing session data in a cookie has its equally dangerous implications, if someone is able to steal the cookie. So store the session data on the server however you choose, and keep track of session ID's to correspond to the data in their cookies. Bryan Link to comment https://forums.phpfreaks.com/topic/99591-sessions-vs-cookies/#findComment-509639 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.