As in the before posts: newbie says hello.
Regarding a login / logout.
What is best to use: session or cookie? Perhaps a little explanation about them.... (sorry it is rather late and I've been working for more than 12 hours now, with some breaks of course)
I am thinking that session is server-side, while cookie is client-side. The cookie part means that the user must have cookies enabled.... what if the user does not have cookies enabled?
Just occurred to me: do you use both? Session and cookie? Any downfalls and benefits to 1, the other, both?
Regards, B
- evilmonkey
- Forum Regular
- Posts: 823
- Joined: Sun Oct 06, 2002 1:24 pm
- Location: Toronto, Canada
Sessions are much more secure as the user has no access to the data stored in a session (cookie is just plain text). Be that as it may, it's still a VERY bad idea to carry personal information in a $_SESSION superglobal (it's fatal to carry it in a $_COOKIE autoglobal). I use cookies and sessions together like this: when a user logs in, he has the option for the site to remember him. Should that option be checked, I store a cookie in his computer with his session_id, and I store that same session_id in a database. Each time a user hits my homepage, I run a cookie check (check if he has a cookie set from my domain, if he does, check to make sure that the session_id matches the one in the database), and if the check passes, I start a session with all the information I need about the user (user_id, username, etc.). I would never carry any user information (other than some very obscure id) in a cookie.
Good luck.
PHP sessions automatically attempt to use a cookie to store a unique session id on a client's machine. If cookies are disabled, the session id is appended to every URL within the site.
All session information (unless otherwise specified) is stored in a directory above your root directory (which you may specify in the ini file). When session information is requested, PHP checks whether the user has a cookie with the correct session id, if not it checks the URL. If it finds a correct id in either, it retrieves the requested variable from the file stored above the root, and returns it. Make sense?
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
Another thing to bear in mind is that cookies have limitations as to how many you can have so it is always a good idea to keep it as clean/small as possible. Normally I only use the cookie to store the session id. Then the user_id is stored in the session if the user logs in as this is the information that is normally used in any select statement applicable for that user.
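Added example, not code from any poster in this thread: a hardened variant of the "remember me" cookie plus session pattern described above, which also keeps the session id out of URLs. It swaps the stored session_id for a separate random token whose SHA-256 hash is the only thing kept server-side; the table, cookie and function names are hypothetical, the in-memory SQLite database and user id 42 are constructed, and HTTPS plus PHP 7.3 or later are assumed.

```php
<?php
declare(strict_types=1);
// Keep the session ID in a cookie only, never in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Constructed stand-in for the site's database (hypothetical table name).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY, token_hash TEXT, user_id INTEGER, expires INTEGER)');

// After a successful login with "remember me" ticked: store only a hash server-side.
function issue_remember_cookie(PDO $db, int $userId): string
{
    $selector = bin2hex(random_bytes(9));
    $token = bin2hex(random_bytes(32));
    $expires = time() + 30 * 86400;
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $token), $userId, $expires]);
    $value = $selector . ':' . $token;
    if (PHP_SAPI !== 'cli') { // no headers to send when run from the command line
        setcookie('remember', $value, ['expires' => $expires, 'path' => '/',
            'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    }
    return $value;
}
// On a request without a logged-in session: returns the user id, or null.
function login_from_cookie(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) { return null; }
    $stmt = $db->prepare('SELECT token_hash, user_id FROM remember_tokens WHERE selector = ? AND expires > ?');
    $stmt->execute([$parts[0], time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !hash_equals($row['token_hash'], hash('sha256', $parts[1]))) { return null; }
    // Single use: the caller issues a fresh token after this succeeds.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['user_id'];
}
$cookie = issue_remember_cookie($db, 42); // constructed user id
$userId = login_from_cookie($db, $cookie);
if ($userId !== null && PHP_SAPI !== 'cli') {
    session_start();
    session_regenerate_id(true); // new session ID at the privilege change
    $_SESSION['user_id'] = $userId; // only the id, as in the posts above
}
var_dump($userId, login_from_cookie($db, $cookie)); // second call replays the spent token
```

On a real page the value passed to `login_from_cookie()` would come from `$_COOKIE['remember']`, and a fresh token would be issued after each successful use.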