Page 1 of 3
Cookies or Sessions?
Posted: Thu Dec 07, 2006 1:27 am
by kaisellgren
Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Re: Cookies or Sessions?
Posted: Thu Dec 07, 2006 1:38 am
by Zoxive
kaisellgren wrote:Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Whats better? A lot of websites use both, but i think sessions are almost necessary.
Re: Cookies or Sessions?
Posted: Thu Dec 07, 2006 1:44 am
by hrubos
kaisellgren wrote:Hi all,
What do you think, which would be better - cookies or sessions? I can't decided what to use in my membership system.
Cookie or sessions , You should chose by your self. BUt I see now seeseion is popular. Because some browser don't accep cookie, coookie can't be used, however session still can be used by delivering sesion ID betwwen browsers _ URL . example : script.php?session=abc123
Number of data are delivered by browser and server : only session ID are delivered between browser and server, so data are saved on server
Hope you have the best way for your work.
Posted: Thu Dec 07, 2006 2:12 am
by evilchris2003
The main thing to consider is cookies can be denied by the user similar to javascript in that way
Sessions on the otherhand require a little more code to use them
you must call session_start(); at the beginning of each page you want to use them with
cookies vs sessions
Posted: Thu Dec 07, 2006 4:51 am
by Jaxolotl
another IMPORTANT thing to consider is that with sessions you may store your information in a most secure way than coockies, and (unless this change lately) the only thing you store on the client's "memory" is the session ID, with coockies all the info is stored on the coockie.
For login functions is suggested to use SESSIONS.
evilchris2003, is very usefull to organize your code in sets of instructions, for example sessions and db abstractions can be written on a separate file and the included on each php page before rurrning other code.
expl config.php
Code: Select all
<?php
session_start();
session_register('USER_NAME');
?>
then
Code: Select all
<?php include_once("my_dir/config.php");
if($_SESSION['USER_NAME']){
echo "hellow ". $_SESSION['USER_NAME'];
}
else{
echo "hi visitor, please log in";
}
?>
Posted: Thu Dec 07, 2006 5:06 am
by CoderGoblin
Quote from
http://www.unix.org.ua/orelly/web/jscript/ch15_04.html
...Cookies are intended for infrequent storage of small amounts of data. They are not intended as a general-purpose communication or mechanism; use them in moderation. Note that web browsers are not required to retain more than 300 cookies total, nor more than 20 cookies per web server (for the entire server, not just for your page or site on the server), nor to retain more than 4 kilobytes of data per cookie (both name and value count towards this 4 kilobyte limit). The most restrictive of these is the 20 cookies per server limit, and so it is not a good idea to use a separate cookie for each variable you want to save. Instead, you should try to store multiple state variables within a single named cookie....
Hence I would use session with the session id stored in a cookie by default.
Posted: Thu Dec 07, 2006 5:07 am
by onion2k
Use cookies when you need something stored for an arbitrary length of time, use sessions when you need something stored for the length of the user's session. It's not a case of 'which is better?' because they do different things.
Posted: Thu Dec 07, 2006 5:21 am
by neel_basu
Hello
Would Anyone Please Tell Me ?
Whats The Difference Between Cookies And Sessions ??
Please
Posted: Thu Dec 07, 2006 5:29 am
by volka
Posted: Thu Dec 07, 2006 5:31 am
by kaisellgren
Thanks for the help.
So I'll use cookies to store username and password for 2 weeks. Then ill check if cookies username and password foud and they match database, then ill set some session variables to gain logged access right?
Posted: Thu Dec 07, 2006 5:34 am
by neel_basu
No I Mean Are Cookies And Sessions Technically The Same Thing ??
Posted: Thu Dec 07, 2006 5:39 am
by volka
neel_basu wrote:No I Mean Are Cookies And Sessions Technically The Same Thing ??
No, and the two articles tell you more about it (and the differences)
Posted: Thu Dec 07, 2006 5:51 am
by Jaxolotl
kaisellgren wrote:Thanks for the help.
So I'll use cookies to store username and password for 2 weeks. Then ill check if cookies username and password foud and they match database, then ill set some session variables to gain logged access right?
To store such data in a coockie is really unsafe, I suggesto you to store for example some unique identification on coockie (you may use the MD5 hash of the user id for example) and then make a query where the coockie informations is equal to the user_id hashed . So you allways get a unique identification without compromising the password or username.
Is just a fast example to suggest you an idea, it would be better to think something cheaper (on resources) because this operation may hash the entire user_id table before get the match.
Posted: Thu Dec 07, 2006 5:57 am
by neel_basu
HELLO
I THINK ITS A VERRY IMPORTANT NEWS TO EVEY BODY
THAT
md5 can Be Decrypted here Is Someone Who Decrypt The md5 Encryption
http://www.paklinks.com/gs/showthread.php?t=194932
Posted: Thu Dec 07, 2006 6:00 am
by JayBird
It is also very OLD news!