Comments on: PHP: Sessions vs Cookies

By: Abe

Abe — Fri, 15 Jan 2010 02:09:44 +0000

@alapati

Sessions and cookie are stored in a very similar way.
The main difference is the simple fact users can’t edit their own sessions as they are server based.

As a rule, this makes them more secure when dealing with sensetive information.

A great comparative article, thanks!

By: padmaja

padmaja — Thu, 05 Nov 2009 10:33:19 +0000

cookies means to pass the information one page to another page in one application.
session means what changes made in an application browser

By: alapati

alapati — Thu, 05 Nov 2009 10:24:58 +0000

from this i understand that cookies and sessions their are slight difference .sometimes sessions r stored like a cookie

By: Rakshith

Rakshith — Tue, 03 Mar 2009 12:54:37 +0000

Nicely explained

By: Gabe

Gabe — Mon, 30 Jun 2008 08:43:16 +0000

Nice write up on that

By: Dustin

Dustin — Fri, 25 Jan 2008 20:27:48 +0000

Nile, you are absolutely correct, using GET is easily hacked. There are other more complex options you could use. For example, you could store certain information about each client in a temporary location on the server (like their IP and login) and then check against that for each subsequent page. However, this would also be prone to security and performance issues. As with all security, on and off the web, the best method is to have multiple lines of defense.

In any event, with the standard being that cookies typically are enabled you can simply deny access to visitors who don’t accept cookies with a polite message like “To view this site you must first enable cookies in your browser”. Then give some instruction on enabling them. That being said, always code to accommodate your target market and the technology they are actually using.

By: Nile

Nile — Fri, 25 Jan 2008 19:56:08 +0000

Well is there a more secure method then using get?
get is a pretty un-secure function and easy to hack.