Hi,
The SESSION feature cannot be compared to POST and GET.
POST and GET are methods to transfer data from the client to the server.
SESSION is a method to keep the server in touch with the client, like COOKIES.
A SESSION works with an ID saved in a cookie, or recalled in the URL. The value of the session's ID has no sense for a hacker who reads it. That's why SESSIONS are more secure than COOKIES for authentication.
I prefer POST to GET to have a better user interface. I think long or understandable URLs are ugly.
But I use the GET syntax for pages that should be called simply by direct links (from another site, for example).
The problem with POST is when the user clicks on "Reload", but there are workarounds.
I also prefer COOKIES to SESSIONS for common applications, this is just a habit and it enables users to not authenticate each time they come to the site. But I use SESSIONS when the application has to be more seriously secured.
I hope this helped,
-------------------
Skrol 29
www.tinybutstrong.com
-------------------
<mailings@xxxxxxxxxxxxxxxx> wrote in message news: 200504052324.56668.mailings@xxxxxxxxxxxxxxxxxxx
Hi all
I have been doing all my design by using POST to transfer user data and GET
for user changeable variables.
I would like to know what you guys think of using SESSION in production sites.
Right now I am giving a trust factor of 80% to POST and 0% on GET. What trust
factor should I apply to SESSION?
Should I implement a SESSIONless feature in case SESSION is not available?
I know the way to php.net for documentation but I'd like advice/opinions of real people.
Thanks
Andy Pieters
--
Registered Linux User Number 379093
--
Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary:
http://www.vlaamse-kern.com/sas/
--