Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Jan 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Alternative of $_SESSION

    Hello everybody,

    I've read may times that 'use $_SESSION as little as possible'.

    While checking WordPress codes I could barely find $_SESSION used
    and I do believe big sites won't use $_SESSION or uses too little.

    I'm trying to find out the best solution and alternative of $_SESSION.

    seeking help

    thanks in advance

  • #2
    Super Moderator
    Join Date
    Feb 2009
    Location
    England
    Posts
    539
    Thanks
    8
    Thanked 63 Times in 54 Posts
    The main issues with $_SESSION are:

    - Security in shared hosting environments
    - The trans-sid feature placing the session ID in the URL

    The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file.

    You can solve the security issue by using your own session handlers to read/write data to a database instead of a file.

    You can solve the trans-sid issue by... turning it off.

    I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous.
    lamped.co.uk :: Design, Development & Hosting
    marcgray.co.uk :: Technical blog

  • #3
    New to the CF scene
    Join Date
    Jan 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Thumbs up

    Hello Lamped,

    Quote Originally Posted by Lamped View Post
    The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file.
    ...
    ...
    You can solve the trans-sid issue by... turning it off.
    Thanks for this information,
    is $_COOKIE the best alternative for $_SESSION ?

    Quote Originally Posted by Lamped View Post
    You can solve the security issue by using your own session handlers to read/write data to a database instead of a file.
    Explain this a little bit more please.


    Quote Originally Posted by Lamped View Post
    I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous.
    I've heard/read some where in blogs but .. no idea.

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,350
    Thanks
    13
    Thanked 349 Times in 345 Posts
    $_COOKIE is (IMO) not an alternative to $_SESSION, as cookies can be edited by the user at will. to do that with sessions is way harder. besides, session content is not exposed to the outside world (cookies are transferred with every HTTP Request/Response).

    your own session handling: see session_set_save_handler()
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #5
    Super Moderator
    Join Date
    Feb 2009
    Location
    England
    Posts
    539
    Thanks
    8
    Thanked 63 Times in 54 Posts
    Basically, OpenCode...

    Just use sessions and don't be so paranoid. Just don't put passwords and credit card info directly into a session and you'll be fine.
    lamped.co.uk :: Design, Development & Hosting
    marcgray.co.uk :: Technical blog


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •