Hello
Can someone explain me... Exactly what is the advantage of sessions over cookies?
I understood sessions may also work if a visitor has cookies disabled. But the &sid=xxxxx on the url is an ugly workaround (doesn't that mess up SEO?) and I wonder... Is there really a significant percentage of visitors who can't use cookies??
Why sessions?
Moderator: General Moderators
Re: Why sessions?
You don't have to use get or post as the session vars are stored from page to page. You can also use url rewrite for ugly urls.
Re: Why sessions?
Sessions are stored on the server, rather than the browser. Stuff from $_SESSION can be considered safe, as it's never directly exposed to the user. $_COOKIES have to be assumed dangerous, as the user can put whatever value they want in cookies.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: Why sessions?
How do you mean, with mod_rewrite? Wouldn't that delete the session info?papa wrote:You don't have to use get or post as the session vars are stored from page to page. You can also use url rewrite for ugly urls.
I think I don't understand... if the session data is not stored in cookies, how can it be transferred from one page to another without adding ugly &sid=xxx parameters on the url?
Is this certain? Doesn't that depend on the php / server settings? How about the cookies that get created when you start a session?pickle wrote:Sessions are stored on the server, rather than the browser. Stuff from $_SESSION can be considered safe, as it's never directly exposed to the user. $_COOKIES have to be assumed dangerous, as the user can put whatever value they want in cookies.
And isn't there still a risk that users could exchange eachothers session-cookies?
Re: Why sessions?
http://us.php.net/manual/en/intro.session.php
Url rewrite has nothing to do with sessions. Google around and you'll find some nice reading.
Url rewrite has nothing to do with sessions. Google around and you'll find some nice reading.