At 13:10 24.11.2002, Jean-Christian Imbeault said:
--------------------[snip]--------------------
>This now hands me a dilemma ... I was building my site conservatively,
>i.e. assuming the user would have cookies turned off. And so I am making
>heavy use of session variables. *But* I had thought that if the user had
>cookies enabled then the variables would be saved as cookie information,
>hence saving my server a lot of disk reads and writes. Now you have
>shown me the err of my ways ...
>
>I have to consider rewriting my scripts so that if cookies *are* enabled
>the session information is sent has cookie data. Hum ... I hate
>re-writes ....
--------------------[snip]--------------------
Why would you do that? session data is read and decoded once from a LOCAL
file, while transmitting all session data over a REMOTE line would be much
slower. Further it's MORE than insecure to hand possibly sensitive session
data to the client where any bad guy might tamper with it and harm your
application. Lastly cookies are limited to a certain size of data (I
believe it's 1k but I don't know exactly).
Use sessions as intended, it's a very well tested and very fast way to
create a persistent state across multiple subsequent connections.
If you don't like the file approach you can always invent your own session
handling system, be it database-driven (which would be even slower), or
some kind of session-server process that runs locally and gets contacted by
the applications, or even some shared memory... choose your ways, but keep
your data at the server's.
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
