SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Wizard
    Join Date
    May 2003
    Location
    Berlin, Germany
    Posts
    1,829
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session Question

    I was just wondering if one can't achieve the same what sessions achieve just with the setcookie() function.

    For example:

    Code:
    setcookie( "uname", "$uname", time() + (3600 * 24 * 56) );
    setcookie("upassword", "$upassword", time() + (3600 * 24 * 56));
    
    // have code here to check if $uname and $password are valid
    
    // if yes, display content, if not, display error message
    Well, the disadvantages are that you can't have a "remember me?" thing and also the browser must support cookies or else you would have to login on every page you visit.

    Meh, I just figured the disadvantages out myself, posting this nevertheless to get some more input.

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Apr 2003
    Posts
    4,095
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Let's put in this way: many browsers don't support cookies, and if a user's cookie folder/file is too full, more can't be added. I recommend sessions.

  3. #3
    ********* Member website's Avatar
    Join Date
    Oct 2002
    Location
    Iceland
    Posts
    1,238
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But you know sessions use cookies to (but if cookies are not supported by the user it places the id in the url).
    There are some things I dislike with the idea of not using cookies (that is store the session id in the url). The first thing is that it is in the url, so everyone can look over your shoulder and see it (even though it is propably to complicated to remember). The second thing which is the most important is that the session id gets saved in history, that means if someone else uses your computer browser, he can see in the history the page with the session id attached to the url, this poses a possible security threat.

    I do force users to use cookies, most (almost all) browsers do support cookies and if the user is using browser that doesn't support cookies, I would simply inform him of that and give him link to download a browser that does support cookies.

    Now this post has becomed much longer then planned so I will stop now.
    - website

  4. #4
    SitePoint Wizard
    Join Date
    May 2003
    Location
    Berlin, Germany
    Posts
    1,829
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm..nice view website. There are some good arguments in it.

    Some advice to empty the history would be good too, though.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •