Hi All,
I know this topic has been talked about a LOT but all the info I've
managed to get from google is that there is no center / best option to
choose between using sessions or cookies.
Pros of Sessions
1. PHP does it all automatically
2. Can also be defined but I don't know how(yet)
Cons
1. saves it in /tmp - world viewable
2. Session ID may be easy to guess unless I md5 the sessionID before sending
it out
Pros of Cookies
1. can be generated via functions
2. Can be stored in mysql & looked up each time user comes to the site (this
i found out from mantis-bugtracker)
3. can be set using PHP setcookie function
Cons
1. cookies can be rejected by users
2. if rejected, means session can't be preserved across pages?? (this I'm
not sure)
3. cookie is stored in user's hard drive. What is user using public PC?
Can anyone please help explain which is better in terms of performance &
security? For cookies and the way that mantis does it(I looked through the
code to learn - newb), each time a page is accessed, php will query the
database for the cookie string and compare it as a means of identification.
Doesn't this affects performance if I were to need to query the database A
LOT? (presuming that my site generates a lot of traffic.)
I'm assuming here that accessing the /tmp is faster than accessing the
database. Is there a way to put the /tmp location somewhere secure and not
world viewable?
Please Don't flame me.. I'm just asking.
Cheers,
Mun Heng, Ow
H/M Engineering
Western Digital M'sia
DID : 03-7870 5168
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
