PHP session

Hi,

I think you've answered your last question yourself.

PHP session data is stored on the server, although there is a cookie that is stored on the client's machine to tell PHP which session to use.

It largely depends on what you need to do with the session data. JavaScript can write data to a client side session and to cookies, but what if your user's have JavaScript disabled? Or can they not use your site without JS?

If you're needing to store data that is going to be used on the server side, then it makes sense to store that data on the server, rather than passing it with every page request. E.g. authentication information that is checked against a database.

R.

hahaah.. yeah I just realised that I answered my last question in the previous post. Any security concerns about client or server side sessions?

hahaah.. yeah I just realised that I answered my last question in the previous post. Any security concerns about client or server side sessions?

Hey,

I BELIEVE that server side sessions are a lot more secure, rather than client side because they are on the persons machine. That's the way I view them, might be wrong :)

I'm still unsure about whether I should use a server-side or client-side session. If the session is stored on my server, does it take some space from the server?

What are you looking to put in the session? That will likely determine whether you'd be better using server side or client side sessions.

Sessions can be written to file or to a database (file again) and take up minimal space - i.e. only a few bytes and are automatically cleaned up by the web server when finished with. If each session is taking up more space than that, you're probably storing the wrong kind of data in the session.

R.

Also to add (Again, I believe)

If you use session, it's exactly what it is says.. SESSION (Meaning, they expire if like they close their browser etc) Whereas cookies can be set for sometime.

E.g. If I had a login form, and, an option was to set "Remember me" I wouldn't really store it in a session, I'd store it in a cookie (client-side)

Hope this helps =)

Thanks buddy ... This info is quite helpful.

What if I want to use a server-side cookie, Will it also be stored on the server for a period that's specified before creation? Will it be easily accessible?

http://www.klovera.com/php-sessions-vs-cookies/

By "server-side cookie" do you mean session? You can set/access sessions quite easily:

<?php
   $_SESSION['name'] = "phorce";
   echo "Hello {$_SESSION['name']}";
?>

Could you please tell us what data you're planning on storing, and, this may help you more. =)

No. I meant PHP cookie.

setcookie() ....

I am thinking to store user's info(log-in and password)...

I wouldn't store the users login details (specifically password) in a session OR a cookie.. Yeah, you can store the the persons username but their password is bad, especially if it's not encrypted.

=)

where would you store user's password? Simple solution--> Encrypt then store in a cookie?

Well, you'd need to store them in something like a Database, or a text file.. It wouldn't be practical to build a user system just using cookies/sessions.. =)