0

I have a small site that is not too data intensive, but requires the user to login to access pages that handle data and pages that interact with the database.

To enhance the site security I am hoping to that I do not need to use cookies, instead handle all of the data states (between pages and to/from the database) on the server-side, utilizing $_SESSION and session arrays.

Whilst this means the user has to physically login each time they visit the site (rather than the site recognising them via a cookie), will this approach help make the site more secure, or am I just making more work for myself and/or my visitors?

Of course I will be making sure unused data arrays are destroyed once used. I will be making sure I regenerate the session for each login.

Many thanks.

3
Contributors
4
Replies
23
Views
4 Years
Discussion Span
Last Post by Webville312
1

Session is better to use than cookies for me. I always use it on my projects that ask the user
to login. By using session you can checked every user who go to your page and you can also save logs
just incase you want to track the user who login on your website.

Votes + Comments
haha .. nice
0

Sessions are safer, and much easier to use.
The issue with cookies is that the user can turn them off. For Instance, I may decide to turn off cookies when I am browsing the internet; When I get to your site, then it'll be hard to identify me, coz my cookies are turned off.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.