Session Question

[DarkAngelBGE]

I was just wondering if one can't achieve the same what sessions achieve just with the setcookie() function.

For example:

Code:

setcookie( "uname", "$uname", time() + (3600 * 24 * 56) );
setcookie("upassword", "$upassword", time() + (3600 * 24 * 56));

// have code here to check if $uname and $password are valid

// if yes, display content, if not, display error message

Well, the disadvantages are that you can't have a "remember me?" thing and also the browser must support cookies or else you would have to login on every page you visit.

Meh, I just figured the disadvantages out myself, posting this nevertheless to get some more input.

[cfm]

Let's put in this way: many browsers don't support cookies, and if a user's cookie folder/file is too full, more can't be added. I recommend sessions.

[website]

But you know sessions use cookies to (but if cookies are not supported by the user it places the id in the url).
There are some things I dislike with the idea of not using cookies (that is store the session id in the url). The first thing is that it is in the url, so everyone can look over your shoulder and see it (even though it is propably to complicated to remember). The second thing which is the most important is that the session id gets saved in history, that means if someone else uses your computer browser, he can see in the history the page with the session id attached to the url, this poses a possible security threat.

I do force users to use cookies, most (almost all) browsers do support cookies and if the user is using browser that doesn't support cookies, I would simply inform him of that and give him link to download a browser that does support cookies.

Now this post has becomed much longer then planned so I will stop now.

[DarkAngelBGE]

Hmm..nice view website. There are some good arguments in it.

Some advice to empty the history would be good too, though.