Cookies vs Sessions, which is better?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Cookies vs Sessions, which is better?

Post by Jade »

Hello,

I run an internet game (http://www.whiteoakstables.net) and lots of people on my site are having problems with their cookies. So i was wondering

1) is there anything i can do to fix that?

2) should i be using sessions instead?


3) which are generally preferred, sessions or cookies? Which is better, or what are the good and bad points of each?


If anyone can give me a heads up on this issue i'd really appreciate it. From the looks of it i'm loosing business by using cookies because lots of people are having trouble with them....can anyone point me in the right direction??


Jade
jade@whiteoakstables.net


Jade
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Re: Cookies vs Sessions, which is better?

Post by nielsene »

Jade wrote:Hello,

I run an internet game (http://www.whiteoakstables.net) and lots of people on my site are having problems with their cookies. So i was wondering

1) is there anything i can do to fix that?

2) should i be using sessions instead?


3) which are generally preferred, sessions or cookies? Which is better, or what are the good and bad points of each?
What type of problems are your users having with the cookies? Are they privacy minded people who just don't like cookies? Are they using very old browsers? Are they reporting features as bugs?

Asking which is better "cookies" or "sessions" comes up about once every two weeks.... And its basically which is better "apples" or "oranges" or maybe more like "apples" or "applesauce". Ie it depends what you need.

The basic idea of sessions is to send the minimal amount of information to the user and then track all the other information on the server side keyed by that single data item. Sessions will try to send that one piece of info by a cookie first. If the user doesn't accept the cookie, then it will use a GET style URL-mangling instead. This data is called the Session ID. All the session variables reside server-side. If you are basically already doing this, by sending a single cookie and storing everytrhing else in the database, you won't see much difference of sessions vs cookies, except for the semi-transparent fail-through to GET.

However Cookies let you sit persistent values. Values that will last after hte browser (session) has finished. For instance any auto-login/remember me script requires cookies (possibly in addition to sessions.)

So in general I think you should use sessions for state keeping, but remember they are built ontop of cookies, so if your users have errors (and not issues) with your cookies, it worth figuring out why first.
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Post by Jade »

Hello Eric,

thanks for answering my post. Right now I'm only using a cookie to store one piece of information about my members, their id number. However, the problem i'm running into is that some people (even using the newest downloaded version of IE) are not able to access my site. The only reason someone isn't allowed to access the game is because they don't have a cookie on their computer.

In short, my cookie problem is that a cookie isn't being made on their computer. I've even had complaints from people who say there cookies are on (and they actually are) that still can't reach the site. I'm not sure what to do about this becuase the majority of my members CAN get to my site just fine. The whole problem with the cookies stumps me, which is why I'm considering changing to sessions.

Have any more thoughts for me? Any are appreciated.

Jade
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Well if it isn't hard to switch to sessions, it might be worth the try, if only to gain the automatic fallback to GET. If that deson't fix the problems there there is something else wrong causing the problems. However if your game is large, I suspect switching to sessions would take a while. Its definately worth trying to find a way to recreate the problem on a test machine that you have access to to figure out why it breaks even if they have the cookie....

Do you have a autologin/remember me feature? If yes, that will break when you change....
Post Reply