Re: So why do I need session?

[Stut <stuttle@xxxxxxxxx>]

Mikael Grön wrote:
> You can, only it's not as secure. It's easier to edit cookies since 
> they're not stored on the server. Also cookies don't disappear when you 
> close the browser, which is standard on other pages with login systems. 
> Your users will expect to be logged out when closing the browser.

"as secure"??? Cookies are not secure at all. There has been a *very* 
lengthy discussion of this subject on the PHP-General mailing list. 
Search the archives for a recent thread with the subject "Session 
Authentication".

-Stut

> sam rumaizan skrev:
> > It is a general question.
> >   Why can't I use cookie instead?
> >   Mikael Grön <php@xxxxxxxx> wrote:
> >   Are you asking someone specifically, or is this a general question?
> >
> > Here's an example of when sessions are useful:
> > You have a login area on your website on which users who have 
> > registered can log in to access special content. Only, you want such a 
> > high security on your website so that people shouldn't be able to 
> > simply browse to the hidden files, nor should a user still be logged 
> > in when his friend uses his computer and starts a fresh browser. 
> > Here's where sessions are perfect! You store the userId or similar 
> > information in the session and start every secret page with the question:
> >
> > if (!isset($_SESSION['userId']) || 
> > !CoolCheckUserValidityFunction($_SESSION['userId'])):
> > header("Location: login.php");
> > exit;
> > else:
> > $GLOBALS[USER] = new User($_SESSION['userId']);
> > endif;
> >
> > of course you should not do that check in login.php... :P
> >
> > Mike
> >
> > PS: That $GLOBALS[USER] and the User class part is my own stuff.. 
> > Dunno if anyone else does stuff like that.. :P
> >
> >
> > sam rumaizan skrev:
> >  
> > > You use a session to store values that are required over the course 
> > > of a single visit, and a cookie to store more persistent data that is 
> > > used over multiple visits. Session: when you close the browser the 
> > > session gets flushed. Which means the browser will not recognize the 
> > > user next time he/she browse the page unlike cookie.
> > >
> > > So why do I need session? OR maybe I didn’t understand session
> > >
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------------
> > > Looking for earth-friendly autos? Browse Top Cars by "Green Rating" 
> > > at Yahoo! Autos' Green Center.
> > >     
> >
> >
> >
> >
> >
> >  
> >
> >        ---------------------------------
> > The fish are biting.
> >  Get more visitors on your site using Yahoo! Search Marketing.
> >   

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php