Hi,
is there any reason, whatsoever for not using and relying on sessions.
Of course we assume we put only validated data in sessions.
One reason I see is probably on shared hosting ....seeing others session files (this could be avoided by storing sessions in DB for example).
But generally speaking, dedicated server, is there security problems or any other reason why one would not choose sessions but other weird ways to propagate data between pages.
any reason why should not use $_SESSION
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
The first potential problem I thought of is how sessions are stored. PHP stores a session ID in a temporary cookie on the client. It then uses that session id to re-access the session data on each page load. If your connection isn't secure, someone could intercept the setting of the cookie data & in turn access the session data.
The way to fix that is to make your connection https.
The way to fix that is to make your connection https.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.