  1. #1
    SitePoint Evangelist barbara1712

    Sessions and cookies: what is preferred?

    Hello Guys,

    Can anyone explain to me what is preferred? Cookies or sessions?
    Barbara

  2. #2
    Theoretical Physics Student Jake Arkinstall
    For me sessions work best, because they hold sensitive information on the server whereas cookies are accessible to anyone on the computer, and can be changed.

    i.e. if you have a session saying if the person is an admin, they could put this in the URL bar:
    Code javascript:
    javascript:alert(document.cookie="admin=true");
    and they are now admin.

    Sessions are much more secure.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded"-Molona

  3. #3
    SitePoint Guru
    Sessions. Use cookies only when you really need data to persist for more than the browser session, when it's not secure and when it's really not that important. Which doesn't happen very often.

    If it's secure then sending to the client is bad. If it's important then relying on the client cookie is bad. Use a database.

    Also, there is a limit to the number of cookies that a browser will store for a given domain. It can be as low as 20 depending on the browser.

  4. #4
    SitePoint Enthusiast w!ll
    I also recommend sessions, because sessions can be used on multiple computers.

  5. #5
    Floridiot joebert
    Apples to oranges.

    Don't compare the two, they have different purposes. One being temporary persistence, the other being semi-long-term persistence.

  6. #6
    SitePoint Zealot
    It depends what you're using it for; to keep a user logged-in for instance, sessions would be my preference. For 'remember me' functionality, there's not much choice other than cookies.

    You also need to bear in mind that cookies can be 'stolen' using cookie jars and viruses / spyware etc.
    Session IDs in the URL can be inadvertently sent to external sites' logs (the referrer header).

    The only semi-secure way is to use PHP sessions I think, but as someone hinted at above, it depends on what you are storing.


    Regards,
    Kwah

  7. #7
    Programming Since 1978 felgall
    Storing your session id in a cookie is preferable to storing it in the querystring, but when people have cookies disabled, storing the session id in the querystring is the only way of passing the session between pages.

    Using a session has the advantage that with the exception of the session id all of the data associated with the session is stored on the server.
    Stephen J Chapman

    <input name="html5" type="text" required pattern="^$">
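
The points raised in posts #2, #6 and #7, as an added PHP example that is not code from the thread: the session ID travels only in a cookie (never the URL), the cookie is hidden from `document.cookie`, and the admin flag lives in server-side session state rather than in a client-supplied cookie. The `login()` and `isAdmin()` helpers and the `$userRow` shape are hypothetical.

```php
<?php
declare(strict_types=1);

// Keep the session ID out of URLs so it cannot leak through the Referer header.
// These are the defaults in current PHP, set explicitly here.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

session_set_cookie_params([
    'lifetime' => 0,       // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // not readable or writable via document.cookie
    'samesite' => 'Lax',
]);
session_start();

// Called after credentials have been verified; $userRow is a hypothetical DB row.
function login(array $userRow): void
{
    session_regenerate_id(true);          // new ID once privileges change
    $_SESSION['user_id']  = (int) $userRow['id'];
    $_SESSION['is_admin'] = (bool) $userRow['is_admin'];
}

function isAdmin(): bool
{
    // Weak variant described in post #2, which the browser user can set:
    //   return ($_COOKIE['admin'] ?? '') === 'true';
    // Hardened: the flag is read from state that never leaves the server.
    return ($_SESSION['is_admin'] ?? false) === true;
}

if (!isAdmin()) {
    http_response_code(403);
    exit('Forbidden');
}
echo 'Admin area';
```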

  8. #8
    SitePoint Addict CVPer
    Choosing sessions or cookies really depends on your needs. Here are two basic principles that I use:
    - use sessions for sensitive data (such as user id) and temporary data (such as form inputs carried between pages), and
    - use cookies for insensitive and 'persistent' data

    It seems that people tend not to use cookies, but for some particular cases cookies are still quite useful. For example, for return visitors, it would be thought very friendly if the website can 'remember' visitors' personalized settings, such as font size and colors. Some sites can remember where the visitor was when they left the site last time. Some sites use cookies for tracking ads or stats data.
    * @location Vancouver, BC, Canada
    * @name Steve
    * @job PHP/MySQL, Drupal, WordPress Developer

  9. #9
    SitePoint Addict CVPer
    Quote: Originally posted by UFTimmy
    Also, there is a limit to the number of cookies that a browser will store for a given domain. It can be as low as 20 depending on the browser.
    20 is the suggested minimum number of cookies per domain a browser should support. Some browsers support many more: 50, 90, or more. Someone said PHP has such a limit, 20, but I have never touched this limit. There is also a size limit; most browsers support at least 4k/domain. But in practice, 4k is quite a large capacity.

