Re: serialize() function


 



Robert Cummings wrote:
On Thu, 2006-04-13 at 18:58, tedd wrote:

Not that you don't know -- because I'm sure you do -- but for the benefit of others.

One example, each domain has a limit of cookies (20) and you can use them up pretty quickly. However, if you place your data in an array, you could then serialize the array and save it as one long string (i.e., the cookie). Then you can read it back from the cookie and un-serialize it back to the array.


Except for extremely rare cases you should never need more than 2
cookies for a domain. Rather than saving every data field into a cookie,
save a single unique ID into the user's cookie, and use that to look
into your database. Now you can store zillions of fields and any size
you want.

So that's one, what's the other? Well you can do a persistent cookie
also so that you can remember them when they return :)

If you're going to store data on the client's computer, you're going
to have to security check every piece of data you saved there before
every use. At least when the data is only linked by a unique key, you
only ever have to validate the unique key.

amen.


Cheers,
Rob.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
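
An added example (not part of the original message) of the approach Rob describes: the cookie carries only a random ID and the fields live server-side, so the ID's format is the only client-supplied value to validate. Function, table and column names are hypothetical; it assumes PHP 7.1+ with the pdo_sqlite extension and stores the fields as JSON.

```php
<?php
// Added example: table, column and function names are hypothetical.

// Generate an unguessable ID; this is the only value the client ever holds.
function new_session_id(): string {
    return bin2hex(random_bytes(16)); // 32 lowercase hex characters
}

// The single validation step: the cookie must look exactly like an ID we issue.
function valid_session_id($value): bool {
    return is_string($value) && preg_match('/\A[0-9a-f]{32}\z/', $value) === 1;
}

// Store the array server-side under a fresh ID and return that ID.
function save_fields(PDO $db, array $fields): string {
    $id = new_session_id();
    $stmt = $db->prepare('INSERT INTO user_data (id, data) VALUES (?, ?)');
    $stmt->execute([$id, json_encode($fields)]);
    return $id;
}

// Look the ID up; anything malformed or unknown yields null, never data.
function load_fields(PDO $db, $cookieValue): ?array {
    if (!valid_session_id($cookieValue)) {
        return null; // never reaches the database or a decoder
    }
    $stmt = $db->prepare('SELECT data FROM user_data WHERE id = ?');
    $stmt->execute([$cookieValue]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : json_decode($row, true);
}

// Constructed demo using an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_data (id TEXT PRIMARY KEY, data TEXT NOT NULL)');

$id = save_fields($db, ['name' => 'alice', 'theme' => 'dark', 'visits' => 3]);
// In a web request the ID would be sent with setcookie(); omitted here.

var_dump(load_fields($db, $id));                  // an ID we issued
var_dump(load_fields($db, 'a:1:{i:0;s:1:"x";}')); // a serialized blob sent as the cookie
var_dump(load_fields($db, str_repeat('0', 32)));  // well-formed but never issued
```

Because the cookie value is matched against a fixed pattern and then used only as a bound query parameter, client-supplied data is never passed to unserialize().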

