So As I understand. Session also store ID on the harddrive. I don't see the big difference between session and cookies from "privacy" point of view. On Mon, 8 Nov 2004 17:55:03 -0500, Paul Reinheimer <preinheimer@xxxxxxxxx> wrote: > -- > I don't want to use cookies. > I want to use session. When I use this code. It stores data on the harddrive. > -- > > When you use Sessions, the data you put in the session is NOT stored > on the users hard drive in a cookie. Only the Session ID is stored > there. All of the other information you store in the session (say > their userid, name, prefernces, security level, etc) is stored on the > SERVER. The session ID stored in the cookie only serves as a pointer > to the data stored on your server. > > The alternative to allowing PHP to store the users session id in a > cookie is to have php re-write all of the urls on your page to include > their session id. Generally this is not the preferred solution for > several reasons: > 1. URLs look a lot messier eg: > a) without cookies > http://forum.example.com/index.php?sid=a568a4c022a2f8491323c5f3ef5888d8 > b) with cookies > http://forum.edonkey.com/index.php > 2. Users may accidentally give away their session id, and possibly > open the door to session hijacking. > 3. Users bookmark pages with stale session ids > > So, in summary. Using sessions only stores the session id on the users > hard drive. The rest of the data stored in the session is saved on the > server. > > paul > > -- > Paul Reinheimer > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php