  1. #1
    Pedantic Semantic blain
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    528

    Secure site login

    Previously I've always used a cookie to store a login, but which is better, cookie or session?
    Technology is dominated by two types of people:
    those who understand what they do not manage,
    and those who manage what they do not understand.

  2. #2
    I Never Give Up roosevelt
    Join Date
    May 2005
    Posts
    515
    They really are basically the same thing. For example, if I turn off cookies in my browser, PHP Server will store the session in the server. But if I have it turned on, it will just store the information in my browser.

    To keep track of logins, how many people are logged in, you should use a database.

    1) When a user loads a web page, store the session id in the database. And set logged in column to false.

    2) After the user authenticates with his password and userid, update the record with the matching session id and set logged in column to true.

    3) Now if the user requests a protected page just check if logged in is true for the session id the user has.
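
Added example, not part of roosevelt's post: a minimal Python sketch of the three steps above, using an in-memory SQLite table as a stand-in for the site's database. The table layout, function names, cookie attributes and timeout are assumptions, the password check is reduced to a boolean, and unlike step 2 as posted it issues a fresh session id at login instead of reusing the pre-login one.

```python
import hashlib
import secrets
import sqlite3
import time

IDLE_TIMEOUT = 1800  # seconds; assumed value, not from the thread
db = sqlite3.connect(":memory:")  # stand-in for the site's database
db.execute("CREATE TABLE sessions (sid_hash TEXT PRIMARY KEY, user_id TEXT,"
           " logged_in INTEGER NOT NULL DEFAULT 0, last_seen REAL NOT NULL)")

def _h(sid):
    # Store only a hash, so a leaked table does not contain usable session ids.
    return hashlib.sha256(sid.encode()).hexdigest()

def new_session():
    """Step 1: first page load. The row starts with logged_in = 0."""
    sid = secrets.token_urlsafe(32)  # unguessable id from the OS CSPRNG
    db.execute("INSERT INTO sessions (sid_hash, last_seen) VALUES (?, ?)",
               (_h(sid), time.time()))
    return sid

def cookie_header(sid):
    # HttpOnly hides the id from page scripts; Secure keeps it off plain HTTP.
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def login(old_sid, user_id, password_ok):
    """Step 2: after the password check, mark a session as logged in.
    The pre-login id is dropped so it never carries the login state."""
    if not password_ok:
        return None
    db.execute("DELETE FROM sessions WHERE sid_hash = ?", (_h(old_sid),))
    sid = new_session()
    db.execute("UPDATE sessions SET logged_in = 1, user_id = ? WHERE sid_hash = ?",
               (user_id, _h(sid)))
    return sid

def current_user(sid, now=None):
    """Step 3: protected page. Returns the user id, or None if not logged in."""
    now = time.time() if now is None else now
    row = db.execute("SELECT user_id, logged_in, last_seen FROM sessions"
                     " WHERE sid_hash = ?", (_h(sid),)).fetchone()
    if row is None or not row[1] or now - row[2] > IDLE_TIMEOUT:
        return None
    db.execute("UPDATE sessions SET last_seen = ? WHERE sid_hash = ?", (now, _h(sid)))
    return row[0]

def logged_in_count():
    return db.execute("SELECT COUNT(*) FROM sessions WHERE logged_in = 1").fetchone()[0]
```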

  3. #3
    Programming Since 1978 felgall
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,840
    A session will need either a cookie to store the session id or it will need to pass it in the querystring on the end of the URL every time a new page is loaded. All the other session details are stored on the server but the session id needs to be held in both places so that the session data can be matched back to the right visitor. So it isn't really a matter of one or the other since sessions generally require a cookie in order to work.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  4. #4
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Sessions only look cooler than cookies. Both are good and bad in their own ways. Sessions allow you to store data on server side while cookies allow you to store information client side. If you're storing data server side in a session variable, then you'll need a server side language to interface with the data. However if you use cookies, you have the benefit of being able to use both client side and server side languages to access it. However, hijacking a cookie is easy, retardedly easy, while hijacking a session takes a little more ingenuity, albeit not much more. Neither is better than the other. They are both useful in unique ways. For instance, storing user privileges for an application's look might better be stored in a cookie and managed through JavaScript but user information, their name, email and so on might better be stored in a session... And so on...

  5. #5
    Programming Since 1978 felgall
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,840
    Quote Originally Posted by imaginethis View Post
    However, hijacking a cookie is easy, retardedly easy, while hijacking a session takes a little more ingenuity, albeit not much more.
    How would hijacking a session be harder than hijacking a cookie? If hijacking a cookie is easy then any session could be hijacked by hijacking the session cookie. Hijacking a session is therefore at least as easy as hijacking a cookie and is easier if any way of hijacking the session exists that doesn't involve hijacking the cookie associated with the session. The only way to have a session without a cookie puts the session id in the URL where it is easier to hijack than it would be in a cookie.

  6. #6
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Sessions and cookies are apples and oranges.

    Sessions use cookies. It's no different whether you do the cookie handling yourself or let PHP's session feature do it.

