"sessions vs. cookies" is one of the most common misunderstandings I see, even from people who are quite knowledgeable in other matters. It is not one verses the other. THe question is whether you want to let PHP manage your sessions for you or whether you want to manage them yourself.
Sessions take a lot of the work out of your programming by doing tasks like maintaining state and keeping track of your variables. The price you pay is a performance hit.
You can do all the same things that sessions do with cookies or URL insertion, or if you roll your own you have the additional option of HTTP authentication, and you can keep track of your own variables either in files as sessions do or in your database if you have a database-driven site.
Security is up to how you set it up. Sessions do not provide security, they handle state for you and it is up to you how secure you want it to be by the information you store in the variables.
BTW, you can store a persistent cookie and log the user in later whether you use PHP sessions or manage them yourself.
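An added example, not part of the original post: one way to implement the persistent login cookie mentioned above so that it works the same whether PHP manages the session or you do. The function names, the in-memory array standing in for a database table, and the 14-day lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a database table: selector => [hash, user_id, expires].
$tokenStore = [];

// Issue a random token. Only its SHA-256 hash is kept server-side, so a
// leaked table does not hand out working login cookies.
function issueRememberToken(array &$store, int $userId, int $now, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
    $store[$selector] = [
        'hash'    => hash('sha256', $validator),
        'user_id' => $userId,
        'expires' => $now + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

// Return the user id for a valid cookie value, or null. Tokens are single-use.
function redeemRememberToken(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                // consume it whether or not it validates
    if ($row['expires'] < $now || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['user_id'];
}

// Attributes to pass as setcookie($name, $value, $options) (PHP 7.3+).
function rememberCookieOptions(int $expires): array
{
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Demo with constructed values: valid token, replayed token, malformed token.
$now    = time();
$cookie = issueRememberToken($tokenStore, 42, $now);
var_dump(redeemRememberToken($tokenStore, $cookie, $now));
var_dump(redeemRememberToken($tokenStore, $cookie, $now));
var_dump(redeemRememberToken($tokenStore, 'bogus:value', $now));
```

After a successful redeem, issue a fresh token for the next visit and, if PHP manages the session, call `session_regenerate_id(true)` before putting the user id in `$_SESSION`.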