I have a small site that is not too data intensive, but requires the user to login to access pages that handle data and pages that interact with the database.

To enhance the site security I am hoping to that I do not need to use cookies, instead handle all of the data states (between pages and to/from the database) on the server-side, utilizing $_SESSION and session arrays.

Whilst this means the user has to physically login each time they visit the site (rather than the site recognising them via a cookie), will this approach help make the site more secure, or am I just making more work for myself and/or my visitors?

Of course I will be making sure unused data arrays are destroyed once used. I will be making sure I regenerate the session for each login.

Many thanks.

Recommended Answers

All 4 Replies

Session is better to use than cookies for me. I always use it on my projects that ask the user
to login. By using session you can checked every user who go to your page and you can also save logs
just incase you want to track the user who login on your website.

commented: haha .. nice +0

Sessions are safer, and much easier to use.
The issue with cookies is that the user can turn them off. For Instance, I may decide to turn off cookies when I am browsing the internet; When I get to your site, then it'll be hard to identify me, coz my cookies are turned off.

Many thanks all. Sessions it is then, goodbye cookies.

You are so very much welkam!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.