I was just wondering if one can't achieve the same what sessions achieve just with the setcookie() function.
Well, the disadvantages are that you can't have a "remember me?" thing and also the browser must support cookies or else you would have to login on every page you visit.
setcookie( "uname", "$uname", time() + (3600 * 24 * 56) );
setcookie("upassword", "$upassword", time() + (3600 * 24 * 56));
// have code here to check if $uname and $password are valid
// if yes, display content, if not, display error message
Meh, I just figured the disadvantages out myself, posting this nevertheless to get some more input. :D
Let's put in this way: many browsers don't support cookies, and if a user's cookie folder/file is too full, more can't be added. I recommend sessions.
There are some things I dislike with the idea of not using cookies (that is store the session id in the url). The first thing is that it is in the url, so everyone can look over your shoulder and see it (even though it is propably to complicated to remember). The second thing which is the most important is that the session id gets saved in history, that means if someone else uses your computer browser, he can see in the history the page with the session id attached to the url, this poses a possible security threat.
Now this post has becomed much longer then planned so I will stop now. :p
Hmm..nice view website. There are some good arguments in it.
Some advice to empty the history would be good too, though.