Cookies or Sessions?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Cookies or Sessions?

Post by kaisellgren »

Hi all,

What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: Cookies or Sessions?

Post by Zoxive »

kaisellgren wrote:Hi all,

What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Whats better? A lot of websites use both, but i think sessions are almost necessary.
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Re: Cookies or Sessions?

Post by hrubos »

kaisellgren wrote:Hi all,

What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Cookie or sessions , You should chose by your self. BUt I see now seeseion is popular. Because some browser don't accep cookie, coookie can't be used, however session still can be used by delivering sesion ID betwwen browsers _ URL . example : script.php?session=abc123

Number of data are delivered by browser and server : only session ID are delivered between browser and server, so data are saved on server

Hope you have the best way for your work.
User avatar
evilchris2003
Forum Contributor
Posts: 106
Joined: Sun Nov 12, 2006 6:43 am
Location: Derby, UK

Post by evilchris2003 »

The main thing to consider is cookies can be denied by the user similar to javascript in that way

Sessions on the otherhand require a little more code to use them

you must call session_start(); at the beginning of each page you want to use them with
User avatar
Jaxolotl
Forum Contributor
Posts: 137
Joined: Mon Nov 13, 2006 4:19 am
Location: Argentina and Italy

cookies vs sessions

Post by Jaxolotl »

another IMPORTANT thing to consider is that with sessions you may store your information in a most secure way than coockies, and (unless this change lately) the only thing you store on the client's "memory" is the session ID, with coockies all the info is stored on the coockie.
For login functions is suggested to use SESSIONS.


evilchris2003, is very usefull to organize your code in sets of instructions, for example sessions and db abstractions can be written on a separate file and the included on each php page before rurrning other code.

expl config.php

Code: Select all

<?php
session_start(); 
session_register('USER_NAME'); 
?>
then

Code: Select all

<?php include_once("my_dir/config.php");

if($_SESSION['USER_NAME']){
echo "hellow ". $_SESSION['USER_NAME'];
}
else{
echo "hi visitor, please log in";
}
?>
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

Quote from http://www.unix.org.ua/orelly/web/jscript/ch15_04.html
...Cookies are intended for infrequent storage of small amounts of data. They are not intended as a general-purpose communication or mechanism; use them in moderation. Note that web browsers are not required to retain more than 300 cookies total, nor more than 20 cookies per web server (for the entire server, not just for your page or site on the server), nor to retain more than 4 kilobytes of data per cookie (both name and value count towards this 4 kilobyte limit). The most restrictive of these is the 20 cookies per server limit, and so it is not a good idea to use a separate cookie for each variable you want to save. Instead, you should try to store multiple state variables within a single named cookie....

Hence I would use session with the session id stored in a cookie by default.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Use cookies when you need something stored for an arbitrary length of time, use sessions when you need something stored for the length of the user's session. It's not a case of 'which is better?' because they do different things.
User avatar
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

Hello
Would Anyone Please Tell Me ?
Whats The Difference Between Cookies And Sessions ??
Please
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Post by kaisellgren »

Thanks for the help.

So I'll use cookies to store username and password for 2 weeks. Then ill check if cookies username and password foud and they match database, then ill set some session variables to gain logged access right?
User avatar
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

No I Mean Are Cookies And Sessions Technically The Same Thing ??
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

neel_basu wrote:No I Mean Are Cookies And Sessions Technically The Same Thing ??
No, and the two articles tell you more about it (and the differences)
User avatar
Jaxolotl
Forum Contributor
Posts: 137
Joined: Mon Nov 13, 2006 4:19 am
Location: Argentina and Italy

Post by Jaxolotl »

kaisellgren wrote:Thanks for the help.

So I'll use cookies to store username and password for 2 weeks. Then ill check if cookies username and password foud and they match database, then ill set some session variables to gain logged access right?
To store such data in a coockie is really unsafe, I suggesto you to store for example some unique identification on coockie (you may use the MD5 hash of the user id for example) and then make a query where the coockie informations is equal to the user_id hashed . So you allways get a unique identification without compromising the password or username.
Is just a fast example to suggest you an idea, it would be better to think something cheaper (on resources) because this operation may hash the entire user_id table before get the match.
User avatar
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

HELLO
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY

THAT

md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption

http://www.paklinks.com/gs/showthread.php?t=194932
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

neel_basu wrote:HELLO
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY

THAT

md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption

http://www.paklinks.com/gs/showthread.php?t=194932
It is also very OLD news!
Post Reply