Cookies or Sessions?
Moderator: General Moderators
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Cookies or Sessions?
Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Re: Cookies or Sessions?
Whats better? A lot of websites use both, but i think sessions are almost necessary.kaisellgren wrote:Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Re: Cookies or Sessions?
Cookie or sessions , You should chose by your self. BUt I see now seeseion is popular. Because some browser don't accep cookie, coookie can't be used, however session still can be used by delivering sesion ID betwwen browsers _ URL . example : script.php?session=abc123kaisellgren wrote:Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Number of data are delivered by browser and server : only session ID are delivered between browser and server, so data are saved on server
Hope you have the best way for your work.
- evilchris2003
- Forum Contributor
- Posts: 106
- Joined: Sun Nov 12, 2006 6:43 am
- Location: Derby, UK
- Jaxolotl
- Forum Contributor
- Posts: 137
- Joined: Mon Nov 13, 2006 4:19 am
- Location: Argentina and Italy
cookies vs sessions
another IMPORTANT thing to consider is that with sessions you may store your information in a most secure way than coockies, and (unless this change lately) the only thing you store on the client's "memory" is the session ID, with coockies all the info is stored on the coockie.
For login functions is suggested to use SESSIONS.
evilchris2003, is very usefull to organize your code in sets of instructions, for example sessions and db abstractions can be written on a separate file and the included on each php page before rurrning other code.
expl config.php
then
For login functions is suggested to use SESSIONS.
evilchris2003, is very usefull to organize your code in sets of instructions, for example sessions and db abstractions can be written on a separate file and the included on each php page before rurrning other code.
expl config.php
Code: Select all
<?php
session_start();
session_register('USER_NAME');
?>Code: Select all
<?php include_once("my_dir/config.php");
if($_SESSION['USER_NAME']){
echo "hellow ". $_SESSION['USER_NAME'];
}
else{
echo "hi visitor, please log in";
}
?>
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
Quote from http://www.unix.org.ua/orelly/web/jscript/ch15_04.html
...Cookies are intended for infrequent storage of small amounts of data. They are not intended as a general-purpose communication or mechanism; use them in moderation. Note that web browsers are not required to retain more than 300 cookies total, nor more than 20 cookies per web server (for the entire server, not just for your page or site on the server), nor to retain more than 4 kilobytes of data per cookie (both name and value count towards this 4 kilobyte limit). The most restrictive of these is the 20 cookies per server limit, and so it is not a good idea to use a separate cookie for each variable you want to save. Instead, you should try to store multiple state variables within a single named cookie....
Hence I would use session with the session id stored in a cookie by default.
...Cookies are intended for infrequent storage of small amounts of data. They are not intended as a general-purpose communication or mechanism; use them in moderation. Note that web browsers are not required to retain more than 300 cookies total, nor more than 20 cookies per web server (for the entire server, not just for your page or site on the server), nor to retain more than 4 kilobytes of data per cookie (both name and value count towards this 4 kilobyte limit). The most restrictive of these is the 20 cookies per server limit, and so it is not a good idea to use a separate cookie for each variable you want to save. Instead, you should try to store multiple state variables within a single named cookie....
Hence I would use session with the session id stored in a cookie by default.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
- Jaxolotl
- Forum Contributor
- Posts: 137
- Joined: Mon Nov 13, 2006 4:19 am
- Location: Argentina and Italy
To store such data in a coockie is really unsafe, I suggesto you to store for example some unique identification on coockie (you may use the MD5 hash of the user id for example) and then make a query where the coockie informations is equal to the user_id hashed . So you allways get a unique identification without compromising the password or username.kaisellgren wrote:Thanks for the help.
So I'll use cookies to store username and password for 2 weeks. Then ill check if cookies username and password foud and they match database, then ill set some session variables to gain logged access right?
Is just a fast example to suggest you an idea, it would be better to think something cheaper (on resources) because this operation may hash the entire user_id table before get the match.
- neel_basu
- Forum Contributor
- Posts: 454
- Joined: Wed Dec 06, 2006 9:33 am
- Location: Picnic Garden, Kolkata, India
HELLO
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY
THAT
md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption
http://www.paklinks.com/gs/showthread.php?t=194932
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY
THAT
md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption
http://www.paklinks.com/gs/showthread.php?t=194932
It is also very OLD news!neel_basu wrote:HELLO
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY
THAT
md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption
http://www.paklinks.com/gs/showthread.php?t=194932