Programming Forums
Jul 8th, 2007, 6:47 PM   #1
Satans_Banjo
Cookies or Sessions?

Hi

I'm making a website which involves a user logging in and then staying logged in the whole time. There will be a user control panel which displays all of the user's vital statistics and their username will be displayed in the corner of every page while they're logged on. I was wondering what would be the best way to implement this: cookies or sessions? And are there any tutorials you would recommend for this kind of thing?

Thanks, and sorry I've filled the entire PHP forum

Banjo
Jul 8th, 2007, 11:12 PM   #2
Dameon
Cookies and sessions aren't entirely distinct. A cookie is stored on the client and returned to the server with every request. That's how an individual user can be recognized among the hundreds of requests that can be occurring at the same time. But they're only on the client. You have to trust what they give you. They can decide what data they send you; users may not accept cookies at all, or could just as well send bogus ones.

Good Idea:
Store their preference for text size or page theme.

Bad Idea:
Store which user they are logged in as (and trust this information)

PHP sessions store data on the server. You can set session variables which will retain their values across requests from the same client. To do this, cookies are usually used -- using the unique cookie value, the server can look up the existing session data and load it for the script to use. The user can report whatever session ID that they want. But sessions expire, and the chance of guessing one is highly unlikely. The real danger is someone sniffing or otherwise obtaining the session ID (hijacking it). This threat can be somewhat mitigated by using SSL (https).

Sessions are a much better choice for storing login info. Just be warned that sessions are designed to expire, so long term ("remember me") login will likely need to be a separate addition. The best reference is the official page, though a tutorial may help you wrap your head around it.
__________________
MD5(sig) = bcef75433db02e9ad9bf81d6f7c5c270
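
The contrast described in the post above, as an added example that is not part of the original thread: identity read from a client cookie beside identity kept in a server-side session. All function names and the `$USERS` table are hypothetical; it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ and an HTTPS site.
// $USERS is a constructed stand-in for a real user table.
$USERS = ['banjo' => ['id' => 7, 'hash' => password_hash('constructed-pw', PASSWORD_DEFAULT)]];

// Bad idea from the post: identity read straight from a client-controlled cookie.
function current_user_from_cookie(): ?string {
    return $_COOKIE['username'] ?? null;   // the client can send any value here
}

// The session cookie carries only a random ID; the login state lives on the server.
function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS, which limits sniffing
        'httponly' => true,     // not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(array $users, string $name, string $password): bool {
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);           // fresh ID at login; the old one is deleted
    $_SESSION['user_id']  = $user['id'];
    $_SESSION['username'] = $name;
    return true;
}

// Good idea: identity comes from server-side session data, or null if not logged in.
function current_user_from_session(): ?string {
    return $_SESSION['username'] ?? null;
}

// A display preference is fine in a plain cookie: a forged value only changes the look.
function theme_from_cookie(): string {
    $theme = $_COOKIE['theme'] ?? 'light';
    return in_array($theme, ['light', 'dark'], true) ? $theme : 'light';
}
```

Call `start_secure_session()` before any output on every page, and pass the username through `htmlspecialchars()` when printing it in the page corner.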
Jul 9th, 2007, 5:25 AM   #3
Satans_Banjo
Thanks. So sessions would be good for day-to-day use, but I should use cookies to create a 'remember me' checkbox?
DaniWeb IT Discussion Community
All times are GMT -5. The time now is 1:34 AM.
