  1. #1
    SitePoint Wizard johnn

    COOKIES AND SECURE SESSION DISCUSSIONS

    Hello,

    I would like to know: are cookies popular on the web? What is the percentage of web browsers with cookies enabled? Is there any survey? Should web developers use cookies in their programs?

    Thanks in advance,
    John
    Last edited by johnn; Jul 26, 2001 at 11:11.

  2. #2
    You talkin to me? Anarchos
    To answer your questions: yes, 95% or so, yes, yes

  3. #3
    SitePoint Member
    Of course cookies are popular. They are almost essential.

  4. #4
    Making a better wheel DR_LaRRY_PEpPeR
    chocolate chip is my fav.
    Last edited by DR_LaRRY_PEpPeR; Jul 26, 2001 at 13:06.
    - Matt ** Ignore old signature for now... **
    Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
    "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

  5. #5
    SitePoint Wizard johnn
    Thanks.
    In PHP, when passing sessions, which method is better and not easy to hack: passing the session using cookies, or passing the session ID using a URL parameter?

    Thanks in advance,
    John

  6. #6
    You talkin to me? Anarchos
    Cookies are harder to hack, but using a URL parameter is a good backup for people who have disabled cookies.

  7. #7
    code addict Abstraction
    If possible, avoid using session variables.

  8. #8
    Dumb PHP codin' cat
    Abstraction, why do you say that? Sessions are great if you use them properly. I would say storing session data in a file or database is much better than storing that sort of data in a cookie. Could you explain why you take this stance?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  9. #9
    code addict Abstraction
    Originally posted by freddydoesphp
    Abstraction, why do you say that? Sessions are great if you use them properly. I would say storing session data in a file or database is much better than storing that sort of data in a cookie. Could you explain why you take this stance?
    Yes, storing information in a db is better than a cookie.

    Sessions are great. But they hit the server more than using a plain querystring to pass parameters.

    I don't know, but I think people in this thread have been using the word session to mean different things.

  10. #10
    Dumb PHP codin' cat
    Like performance-wise? You might have a point, but if you had 50 variables you needed to pass around your site, using a query string or hidden form fields would be ludicrous. And again, if you choose to store session data in a db, you wouldn't have the overhead of reading and writing to text files. I still say sessions are the best way to go when passing large amounts of data around your site.

  11. #11
    You talkin to me? Anarchos
    Definitely, passing using the query string is not practical for more than a few variables and is a major hassle if you have multiple links.

  12. #12
    code addict Abstraction
    Storing data between logins in a database is the best way to do it, IMO. You would have to be crazy to use a flat text file. But for passing data between pages during a login, why use anything but the querystring? I feel that if it doesn't need to be kept between logins, then why use a db? Of course there are exceptions to this.

  13. #13
    Dumb PHP codin' cat
    "You would have to be crazy to use a flat text file."
    Unfortunately this is the way sessions are handled by default in PHP; unless you know how to rig up your own session handlers, this is the only option. I myself use a set of functions to change the way PHP natively handles functions, by using a db table to store session data.

    "But for passing data between pages during a login, why use anything but the querystring?"
    Like I said and Anarchos said, anything more than 5 variables gets pretty hectic to pass around in query strings, especially when trying to manage a ton of links in that manner. I would say it would be optimal to store that sort of information in sessions.

    Maybe you are confused by what a session is and how sessions work in PHP. Please don't take offense to that, but let's say you had a 5 page quiz with 20 questions per page, and you only needed to keep the data for the life of the session. You aren't really gonna pass all the answers in query strings, are you?

    Let's say we have a username/password protected area of our site, and once we authenticate users we need some way to track them during the life of the session, one for keeping unwanted visitors out and allowing people to stay logged in. If you were to use the traditional query string method for this, think about how easy it would be to hack that system; these are the cases when sessions are nice and secure.

  14. #14
    code addict Abstraction
    Ok, I do agree with you. I am just having trouble getting my ideas across. But I do agree there are times to use session variables and times not to.

  15. #15
    SitePoint Wizard johnn
    Thanks. I'm concerned about the SID, and there are 2 methods to pass it: either by using cookies (default) or attaching SID to URL (manually or by setting enable-trans-id).

    FreddydoesPHP,
    Correct me if I'm wrong. Storing session data in a database is the best, but you still need to pass the SID by using one of the methods above. Which method do you think is more secure? Anarchos said using cookies is harder to hack.

    BTW, if I store session data in a database and my website is on a shared server, does the hosting company allow me to change the settings of php.ini, such as session.save_handler = user?

    Thank you in advance,
    John
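
As an added example (not code from the thread), a cookie-only session ID setup in current PHP (7.3+): a SID carried in the URL ends up in server logs, browser history and Referer headers, so URL passing is switched off here and the ID is reissued at login. The function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// The session ID travels only in a cookie; it is never read from or
// written into URLs.
function start_cookie_only_session(bool $https): void
{
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1'); // ignore SIDs supplied in the query string
    ini_set('session.use_trans_sid', '0');    // never rewrite links to append the SID
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => $https,  // send only over HTTPS when the site uses it
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the password check has succeeded: a fresh ID is issued, so an
// ID that was known before login stops being valid afterwards.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['login_time'] = time();
}

// Gate for protected pages: only the server-side session decides who the
// visitor is, never a value taken from the query string.
function require_login(): string
{
    if (empty($_SESSION['user'])) {
        http_response_code(401);
        exit('Login required');
    }
    return $_SESSION['user'];
}
```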

  16. #16
    Database Jedi MattR
    Also if you have more than one app server (e.g. 2 load balanced web servers) and you use PHP-based sessions then they will be lost if the user gets redirected to the other server (which is very common of course). Using a DB stores the information in one place so you can have any number of web boxes.

