Why sessions?

GimbaL
Forum Newbie
Posts: 18
Joined: Thu Apr 16, 2009 3:28 am

Why sessions?

Post by GimbaL »

Hello

Can someone explain to me... Exactly what is the advantage of sessions over cookies?

I understood sessions may also work if a visitor has cookies disabled. But the &sid=xxxxx on the url is an ugly workaround (doesn't that mess up SEO?) and I wonder... Is there really a significant percentage of visitors who can't use cookies??
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: Why sessions?

Post by papa »

You don't have to use get or post as the session vars are stored from page to page. You can also use url rewrite for ugly urls.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Why sessions?

Post by pickle »

Sessions are stored on the server, rather than the browser. Stuff from $_SESSION can be considered safe, as it's never directly exposed to the user. $_COOKIES have to be assumed dangerous, as the user can put whatever value they want in cookies.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
GimbaL
Forum Newbie
Posts: 18
Joined: Thu Apr 16, 2009 3:28 am

Re: Why sessions?

Post by GimbaL »

papa wrote: You don't have to use get or post as the session vars are stored from page to page. You can also use url rewrite for ugly urls.

How do you mean, with mod_rewrite? Wouldn't that delete the session info?
I think I don't understand... if the session data is not stored in cookies, how can it be transferred from one page to another without adding ugly &sid=xxx parameters on the url?

pickle wrote: Sessions are stored on the server, rather than the browser. Stuff from $_SESSION can be considered safe, as it's never directly exposed to the user. $_COOKIES have to be assumed dangerous, as the user can put whatever value they want in cookies.

Is this certain? Doesn't that depend on the php / server settings? How about the cookies that get created when you start a session?

And isn't there still a risk that users could exchange each other's session cookies?
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: Why sessions?

Post by papa »

http://us.php.net/manual/en/intro.session.php


Url rewrite has nothing to do with sessions. Google around and you'll find some nice reading. :)
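
Added example, not part of any post in this thread: a single PHP page showing the split discussed above, where only a random session ID is sent in a cookie (never as &sid= in the URL), privileges live in $_SESSION, and a cookie value is treated as untrusted input. The names lookup_user(), post_string(), 'theme', 'user_id', 'role' and the sample account are hypothetical, and the page is assumed to be served over HTTPS.

```php
<?php
declare(strict_types=1);

// Only a random session ID travels in the cookie; $_SESSION data stays on the server.
session_start([
    'use_only_cookies' => 1,     // never read the ID from the URL (no &sid=...)
    'use_trans_sid'    => 0,     // never rewrite links to carry the ID
    'use_strict_mode'  => 1,     // refuse IDs this server did not issue
    'cookie_httponly'  => 1,     // keep the ID cookie away from JavaScript
    'cookie_secure'    => 1,     // assumption: the site is served over HTTPS
    'cookie_samesite'  => 'Lax',
]);

// Hypothetical user store with one constructed account, for illustration only.
function lookup_user(string $name, string $password): ?array
{
    $users = ['alice' => ['id' => 1, 'role' => 'admin',
                          'hash' => password_hash('constructed-password', PASSWORD_DEFAULT)]];
    $user = $users[$name] ?? null;
    return ($user !== null && password_verify($password, $user['hash'])) ? $user : null;
}

// Request input is untrusted: accept strings only.
function post_string(string $key): string
{
    return is_string($_POST[$key] ?? null) ? $_POST[$key] : '';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = lookup_user(post_string('name'), post_string('password'));
    if ($user !== null) {
        session_regenerate_id(true);          // fresh ID at login; the old one is destroyed
        $_SESSION['user_id'] = $user['id'];   // set by server code, never by the browser
        $_SESSION['role']    = $user['role'];
    }
}

// Cookie values are whatever the browser sends: validate against an allowlist
// and never keep anything that grants privileges in them.
$theme = $_COOKIE['theme'] ?? '';
if (!in_array($theme, ['light', 'dark'], true)) {
    $theme = 'light';
}

$role = $_SESSION['role'] ?? 'guest';
echo htmlspecialchars("role={$role} theme={$theme}", ENT_QUOTES, 'UTF-8');
```

The session ID cookie is still a bearer token: whoever presents it gets that session, which is why the cookie flags, HTTPS and the regenerated ID at login matter.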