Re: Simple login form with cookies

On Mon, Jul 6, 2009 at 02:19, Jason Carson <jason@xxxxxxxxxxxxxx> wrote:
>>
> OK, I have two sets of scripts here. One uses setcookie() for logging into
> the admin panel and the other uses session_start(). Both are working fine.
> Is one more secure than the other?

    $_COOKIE data is written to a file that is readable/writeable and
stored on the user's side of things.  $_SESSION data is written to the
server, with a cookie stored on the user's side containing just the
PHPSESSID (session ID) string to identify the session file on the
server.

    So determining which is better and/or more secure is really a
matter of the data held there and how it's handled.  If storing things
like usernames or you absolutely want to store personal data in an
active session, do so in $_SESSION.  If you're storing a password or
credit card number in the active session, you may as well do it in
$_COOKIE, because you're already using an insecure model.  ;-P

-- 
</Daniel P. Brown>
daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
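
The contrast described in the reply above, as an added example that is not part of the original message or anyone's code in the thread: a login check that trusts a client-side cookie next to one that keeps the identity in $_SESSION. The function names, the `is_admin` cookie name and the demo credential are hypothetical; it assumes PHP 7.3+ (array form of session_set_cookie_params()) and a site served over HTTPS.

```php
<?php
// Constructed demo credential store; a real application would query its user table.
function demo_users(): array {
    return ['admin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
}

// Cookie-only model (weak): the flag lives in a file on the user's side,
// so the user can create or edit it and the server learns nothing from it.
function is_admin_cookie_model(array $cookies): bool {
    return ($cookies['is_admin'] ?? '') === '1';
}

// Session model: the browser holds only the session ID; the data stays on the server.
function start_hardened_session(): void {
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Strict',
    ]);
    session_start();
}

function login(string $user, string $password, array $users): bool {
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh ID after login, old session file deleted
    $_SESSION['user'] = $user;   // store the identity, never the password
    return true;
}

function is_admin_session_model(): bool {
    return ($_SESSION['user'] ?? null) === 'admin';
}

// Request handling: accept a POSTed login, then gate the panel on server-side state.
start_hardened_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    login($user, $pass, demo_users());
}
echo is_admin_session_model() ? "admin panel\n" : "login required\n";
```

A request carrying `Cookie: is_admin=1` satisfies is_admin_cookie_model() without any login, while is_admin_session_model() stays false until login() has succeeded for that session ID.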

