Re: So why do I need session?

Mikael Grön wrote:
You can, only it's not as secure. It's easier to edit cookies since they're not stored on the server. Also cookies don't disappear when you close the browser, which is standard on other pages with login systems. Your users will expect to be logged out when closing the browser.

"as secure"??? Cookies are not secure at all. There has been a *very* lengthy discussion of this subject on the PHP-General mailing list. Search the archives for a recent thread with the subject "Session Authentication".

-Stut

sam rumaizan wrote:
It is a general question.
  Why can't I use cookie instead?
  Mikael Grön <php@xxxxxxxx> wrote:
  Are you asking someone specifically, or is this a general question?

Here's an example of when sessions are useful:
You have a login area on your website on which users who have registered can log in to access special content. Only, you want such a high security on your website so that people shouldn't be able to simply browse to the hidden files, nor should a user still be logged in when his friend uses his computer and starts a fresh browser. Here's where sessions are perfect! You store the userId or similar information in the session and start every secret page with the question:

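session_start(); // must run before $_SESSION is read
// CoolCheckUserValidityFunction() and the User class are the poster's own code.
if (!isset($_SESSION['userId']) || !CoolCheckUserValidityFunction($_SESSION['userId'])):
    // Not logged in, or the stored id is no longer valid: go to the login page and stop.
    header("Location: login.php");
    exit;
else:
    $GLOBALS['USER'] = new User($_SESSION['userId']);
endif;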

of course you should not do that check in login.php... :P

Mike

PS: That $GLOBALS[USER] and the User class part is my own stuff.. Dunno if anyone else does stuff like that.. :P


sam rumaizan wrote:
You use a session to store values that are required over the course of a single visit, and a cookie to store more persistent data that is used over multiple visits. Session: when you close the browser the session gets flushed, which means the browser will not recognize the user the next time he/she browses the page, unlike a cookie.

So why do I need session? OR maybe I didn’t understand session






--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
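
The session-based login check discussed in this thread, written out as an added example (not code from any of the posters). It assumes PHP 7.3 or later and a site served over HTTPS; is_valid_user() is a hypothetical stand-in for the CoolCheckUserValidityFunction() mentioned above.

```php
<?php
// Added example, not code from the thread.

function start_login_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,       // browser-session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS (assumption: the site uses HTTPS)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the password (or other credential) has been verified.
function log_in(int $userId): void
{
    start_login_session();
    session_regenerate_id(true);   // fresh ID at login, so a pre-login ID is useless
    $_SESSION['userId'] = $userId; // kept server-side; the browser only holds the random ID
}

// Hypothetical stand-in for the poster's CoolCheckUserValidityFunction().
function is_valid_user(int $userId): bool
{
    return $userId > 0; // assumption: replace with a real account lookup
}

// Returns the logged-in user id, or redirects to login.php and stops.
function require_login(): int
{
    start_login_session();
    $userId = $_SESSION['userId'] ?? null;
    if (!is_int($userId) || !is_valid_user($userId)) {
        header('Location: login.php');
        exit;
    }
    return $userId;
}

// Contrast: $_COOKIE['userId'] is whatever value the browser chose to send,
// so it must never be treated as proof of identity.
```

Protected pages call require_login() first; login.php calls log_in() after checking the credentials and never calls require_login().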

