Sessions: Cookies, uses URLs/SessionId, or Server based?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

mobzila
Forum Newbie
Posts: 3
Joined: Tue May 01, 2007 11:09 am


Post by mobzila »

Hi,

I'm trying to create a mobile friendly login system using PHP. I'm quite new to PHP and have been looking up Sessions.

I have found contradictory information on this topic.

Some places state that PHP Sessions are better than Cookies because they store Session information on the server rather than on the client machine.

Other places state that Sessions use either Cookies or append Session information to URLs.

Does anybody know which one is correct? It seems like a very confusing area.

When I test the login page on my computer, I can't find any cookies stored on my PC from that login page's domain.

When I test the same page on a Sony Ericsson K750i the login system works fine.

But when I test it on my K700i it doesn't work at all.

Does anybody know for sure what the situation really is and why information out there is so contradictory on this topic?

Thanks and Regards.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

They are both correct.

The session ID information is stored in a cookie (if possible) and otherwise passed via the URL if not. (Provided settings are just so.)
mobzila
Forum Newbie
Posts: 3
Joined: Tue May 01, 2007 11:09 am

Post by mobzila »

Hi,

What about the third option, i.e. stored on the server?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The information in the session is stored on the server.
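
An added example, not written by either poster, showing the two points made in the replies above: the settings that decide whether the session ID travels in a cookie or in the URL, and the session data staying in a file on the server. It assumes PHP 7.3+, the default `files` session handler and an HTTPS site; `user_id` and its value are constructed for illustration.

```php
<?php
// Added example (not from the thread). Run it under a web server.
// Assumptions: PHP 7.3+, default "files" session handler, HTTPS.

// 1. Transport of the session ID: the settings that have to be "just so".
//    Weak variant (ID falls back to the URL when no cookie comes back):
//        session.use_only_cookies = 0
//        session.use_trans_sid    = 1
//    An ID in the URL ends up in browser history, proxy and server logs,
//    Referer headers and any link a user copies and shares.
//    Hardened variant used here: the ID is carried in a cookie only.
session_start([
    'use_cookies'      => 1,
    'use_only_cookies' => 1,     // ignore session IDs supplied in the URL
    'use_trans_sid'    => 0,     // never rewrite links to carry the ID
    'use_strict_mode'  => 1,     // reject IDs this server did not issue
    'cookie_httponly'  => 1,     // hide the cookie from page scripts
    'cookie_secure'    => 1,     // assumption: site is served over HTTPS
    'cookie_samesite'  => 'Lax',
]);

// 2. Session data: stored on the server, never sent to the client.
if (!isset($_SESSION['user_id'])) {
    session_regenerate_id(true); // fresh ID when the login state changes
    $_SESSION['user_id'] = 42;   // constructed sample value
}

$cookieName = session_name();    // name of the cookie that holds the ID
$dir        = session_save_path() ?: sys_get_temp_dir();
$file       = $dir . DIRECTORY_SEPARATOR . 'sess_' . session_id();

session_write_close();           // flush $_SESSION to the server-side file

header('Content-Type: text/plain');
echo "Client holds only : cookie '{$cookieName}' containing the session ID\n";
echo "Server keeps data : {$file}\n";
echo "Stored contents   : ";
echo is_readable($file) ? file_get_contents($file) : '(not readable)';
echo "\n";
```

With cookies disabled in the client, the hardened variant starts a new empty session on every request instead of falling back to the URL.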
mobzila
Forum Newbie
Posts: 3
Joined: Tue May 01, 2007 11:09 am

Post by mobzila »

Hi feyd.

Thanks for the clarification.