Sessions or Cookies

[ChrisBull]

I’m sure this has been asked before but my recent search on google only returned a post from 2007 that said use sessions but did’t explain why. May be there are times when one is better than the other?

Im creating a site where after the user has logged in php will extract data from both a mysqql database and an xml file on the server, I then need to keep (and use) all of this information until they logout again, I will also need to update it if they change something.

While im on it, I’m not sure but is there a better extension to use, other than php that will act the same but is better at storing information?

Many Thanks For Your Time
Chris

[eip56]

In my experience, and my opinion only,

I would suggest going wth PHP sessions especially when it comes to use login type systems.

I am in no way a expert this is just from my own research and use:

1. Sessions can hold more data than cookies.
2. Cookies are stored on the client side and sessions are stored server side which is technically more secure since there is no transfer of information back and forth like cookies. (keep in mind this is how you build and incorporate security)
3. If a user has cookies disabled sessions can still be made to work.

Your typical work flow would be
user logs in -> you query database to authenticate -> with those results if its a valid log in store the users credentials in sessions so you can work with them later.

I typically only use cookies for temporary situations like shopping carts where the data or “state” is only held for a short period of time.

[Author]

Posts