Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts

    Cookies or sessions?

    For a members area, which of these is best? And how do you show a page different from when you're logged in or logged out? And detect who's logged in or not?

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Posts
    344
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm only starting in PHP - so I don't know about PHP Sessions - anyways...

    In ASP I prefer to use Sessions rather than cookies - because session variables are truly temporary cookies. (IE, no info is actually stored in the HD)

    just my 2 cents..

    ~Quack

  • #3
    Mega-ultimate member
    Join Date
    Jun 2002
    Location
    Winona, MN - The land of 10,000 lakes
    Posts
    1,855
    Thanks
    1
    Thanked 45 Times in 42 Posts
    Well, I've tried both and found sessions much easier to deal with. But that's my opinion, and that along with a dollar will buy you a cup of coffee

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    I have no idea how sessions or cookies work. Do these keep users seeing pages only members can see? If it does do this, how can I prevent people that aren't registered from seeing the members files?

  • #5
    New Coder
    Join Date
    Jun 2002
    Location
    Stuck in the inner reaches of my mind
    Posts
    84
    Thanks
    0
    Thanked 0 Times in 0 Posts
    cookies store the actual data in a file on the user's computer
    session's store a number on the user's computer using a cookie (or in the url) and that corosponds to a file on the server with tha values.

    cookies can be faked, while it takes much much more effort to take a session value (the numbers are not sequential)

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sessions in PHP have one more significant advantage against using ordinary cookies: They can be used even when the user has cookies disabled, because then all relative URLs are rewritten in a manner that the session_id is appended as a GET parameter.

    Also, cookies has some restrictions as how much data you can store in them (I believe it was 4 kB per Cookie, no more than 20 Cookies per domain). In regard to this, sessions are more flexible, though I haven't researched deeply enough if there might be any session size restrictions in the .ini file or elsewhere.

    And as some others have already replied, sessions are quite easy to use because PHP comes along with a neat set of session handling functions. Whereas with cookies you only have setcookie() and $_COOKIE to play with.

    So it actually depends how you implement session/cookies in your application to achieve the desired results you described, none of them won't prevent viewing of member files on its own, you'd have to build an authentication functionality.

  • #7
    New Coder
    Join Date
    Jun 2002
    Location
    Paris, France
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sessions are way better than cookies. A bit hard to start off with them but once you get the basics it all works fine.

    To check if a user is logged in or not you should use an if() function to check if a cookie/session variable exists and if it isn't make a form so that the user will log in (it will check the username and/or password and if they are correct it will create that cookie or session variable)
    I don't suffer from insanity, I enjoy every single minute of it!

  • #8
    Regular Coder
    Join Date
    May 2002
    Location
    London, England
    Posts
    367
    Thanks
    0
    Thanked 0 Times in 0 Posts
    To detect if a cookie is there, you can use the session function session_is_registered() or this code snippet

    PHP Code:
    <?
    if($HTTP_SESSION_VARS["ID"]=='')
    {
      
      echo 
    "<p>You are not authorised to view this page. Please login.</p>";
      die();
    }
    ?>
    For a tut on sessions, read the one on www.devshed.com - its titled "couch sessions"

    Jee
    Jeewhizz - MySQL Moderator
    http://www.sitehq.co.uk
    PHP and MySQL Hosting

  • #9
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Thanks all

    That's what I was looking for Jee

  • #10
    Senior Coder
    Join Date
    Jun 2002
    Location
    ColoRockyz
    Posts
    1,649
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I think that's just for an old version of php...like 4.0.6

    Sessions are best

    I learned them from the devshed forums but you won't learn much from that tutorial I'm afraid.

    What really drives you crazy is that each version of php uses different code for sessions...

    Last edited by zoobie; 07-06-2002 at 07:24 AM.

  • #11
    New Coder
    Join Date
    Jul 2002
    Location
    Behind my PC :)
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    sessions are great but cookies rule 2!

    I use cookie for my own website (not online(yet)) and it is working great for secure member area's and login in for eg change your profile, just like this forum.

    And I give my members a chooise:
    Login with cookie (so they stay logged in for about 2 weeks)
    or login with session so they are automaticly logout if the browser closes, this is, I think, great for people who surf 2 my site at a public pc in eg a libary or school.

    So it is your chooise to use cookies or sessions, it depend on how you want your site...


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •