Home > Archive > PHP Language > November 2005 > to cookie or not to cookie
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
to cookie or not to cookie
|
|
| Bruintje Beer 2005-11-10, 6:56 pm |
| Hi,
What is better to use cookies or sessions.
Johan
| |
| Oli Filth 2005-11-10, 6:56 pm |
| Bruintje Beer said the following on 08/11/2005 16:12:
> Hi,
>
> What is better to use cookies or sessions.
>
The two are not mutually exclusive. Sessions usually rely on cookies
(sessions can also be implemented by appending a UID to all links, but
this is far less flexible and has some annoying consequences).
IMO, you should aim to store as little information on the client
computer as possible; by this logic sessions are the way to go.
--
Oli
| |
| Erwin Moller 2005-11-10, 6:56 pm |
| Bruintje Beer wrote:
> Hi,
>
> What is better to use cookies or sessions.
>
> Johan
Hi Bruintje Beer,
[Heb je nog veel honing gesmikkeld de laatste tijd?]
Session or cookies?
You can use them both, depending on what you try to accomplish.
In general:
Session:
Sessiondata is stored on the server, and cannot directly be manipulated by
the client.
The drawback of sessions is the fact that they expire on most setups. (Why
keep sessiondata 'alive' for 10 years?)
So most sessiondata is destroyed after 30 minutes inactivity or so.
Cookie:
Cookies are stored on the clients machine.
Cookie is completely unreliable when it comes to security: Everybody who
knows anything about browsers can easily manipulate the content of the
cookie.
So my advise:
If you want to store sensitive data, use a session.
If you want to store unimportant data, you can use a cookie.
Cookies are really handy when you need to store userpreferences, like the
way your site looks, and want the preferences loaded the next time the
client visits your site.
To complicate things futher: Sessions often use a cookie to store the
PHPSESSID used by the server to identify a certain session.
Hope this helps you decide what is best.
Regards,
Erwin Moller
| |
| Bruintje Beer 2005-11-10, 6:56 pm |
|
"Erwin Moller"
< since_humans_read_this_I_am_spammed_too_
much@spamyourself.com> schreef in
bericht news:4371c5d2$0$11075$e4fe514c@news.xs4all.nl...
> Bruintje Beer wrote:
>
>
> Hi Bruintje Beer,
>
> [Heb je nog veel honing gesmikkeld de laatste tijd?]
>
> Session or cookies?
> You can use them both, depending on what you try to accomplish.
>
> In general:
> Session:
> Sessiondata is stored on the server, and cannot directly be manipulated by
> the client.
>
> The drawback of sessions is the fact that they expire on most setups. (Why
> keep sessiondata 'alive' for 10 years?)
> So most sessiondata is destroyed after 30 minutes inactivity or so.
>
> Cookie:
> Cookies are stored on the clients machine.
> Cookie is completely unreliable when it comes to security: Everybody who
> knows anything about browsers can easily manipulate the content of the
> cookie.
>
> So my advise:
> If you want to store sensitive data, use a session.
> If you want to store unimportant data, you can use a cookie.
>
> Cookies are really handy when you need to store userpreferences, like the
> way your site looks, and want the preferences loaded the next time the
> client visits your site.
>
> To complicate things futher: Sessions often use a cookie to store the
> PHPSESSID used by the server to identify a certain session.
>
> Hope this helps you decide what is best.
>
> Regards,
> Erwin Moller
Thanks,
nee, bruintje beer drinkt alleen bier :)
|
|
|
|
|