Page 1 of 1
Sessions or Cookies
Posted: Sun Apr 10, 2011 12:39 pm
by ChrisBull
I'm sure this has been asked before but my recent search on google only returned a post from 2007 that said use sessions but did't explain why. May be there are times when one is better than the other?
Im creating a site where after the user has logged in php will extract data from both a mysqql database and an xml file on the server, I then need to keep (and use) all of this information until they logout again, I will also need to update it if they change something.
While im on it, I'm not sure but is there a better extension to use, other than php that will act the same but is better at storing information?
Many Thanks For Your Time
Chris
Re: Sessions or Cookies
Posted: Sun Apr 10, 2011 12:53 pm
by Darhazer
The big difference is that session is stored at the server, while cookie is stored on the client.
The negatives from cookies are:
* They are send on every request, which increases bandwidth used by your application
* There is restriction how much data you can store
* The content of the cookie can be modified by the user, as well it can be stolen. You should not keep sensitive data in cookie (there are some security considerations for storing such data in session as well)
What is the problem with storing information with PHP?
Re: Sessions or Cookies
Posted: Sun Apr 10, 2011 1:08 pm
by Jonah Bron
The session is used for storing data particular to the user's session on your site (login, shopping cart, etc). Non-persistent data. To help you further, we'd need to know the nature of this data in the database/XML file.
Re: Sessions or Cookies
Posted: Sun Apr 10, 2011 3:12 pm
by ChrisBull
Thanks for the replies,
The data retrieved from the database is mainly login details and user details, so name, email, password unique id stuff like that. Data from the xml file will be lots of information of different types so numbers, long descriptive text, more names all sorts basically. I'm not storing any card information but from the users account they will be able to withdraw funds to their bank account (probably through paypal) so that should all be secure.
I don't have a problem with php I was just wondering if there is a better script. Also, once i have retrieved all of the information it stays on a single page application that changes content through javascript so is there any need for cookies or sessions or perhaps I could just store them in variables inside php, hadn't thought of that.
Re: Sessions or Cookies
Posted: Sun Apr 10, 2011 5:06 pm
by Jonah Bron
Don't store data like email and stuff in the session. All you need to store in the session is their identity, (a value indicating what user they are, probably the primary key of your users table), and anything specific to what they are doing at the moment.