Cookie vs. Session

jiehuang001

I have heard a lot about cookie, but never used it in my code. I think I don't like the idea of saving stuff into client's machine that much. Here are some questions:

if your code uses cookie but the user's browser disabled cookie, will there be any problem?
Can session do everything that cookie can? Is session a better way than cookie and is replacing the idea of cookie?
I have used the following session code:
//if the user provides right username, password
session_start();
session_register('username');
then in the following pages, I can use "$SESSION['username']" to get the username value.
However, my question is, if there are hundreds of users logged into my website at the same time, will the "$SESSION['username']" be able to identify who is who?

Your clarification is bestly appreciated.

Jie Huang

laserlight

if your code uses cookie but the user's browser disabled cookie, will there be any problem?

of course. your cookies wont be set

Can session do everything that cookie can? Is session a better way than cookie and is replacing the idea of cookie?

Of course not. Sessions in PHP allows for one to preserve selected data accross accesses.
This can be done by sending the session id in some way, perhaps by query string.
One can use cookies to store the session id so that even without the query string, the session is saved.

if there are hundreds of users logged into my website at the same time, will the "$_SESSION['username']" be able to identify who is who?

whether or not cookies, sessions or both are used, you need a unique identifer to know who is who.
can username along provide that?
Yes, if only unique usernames are allowed.
It would be more reliable to use some other variable, such as a user id.

bad76

Hi,

1. if your code uses cookie but the user's browser disabled cookie, will there be any problem?

you can bet ! 😃

2. Can session do everything that cookie can? Is session a better way than cookie and is replacing the idea of cookie?

Most time a session is implemented with cookie.
This depend from server setting.
therefore a session do everything that cookie can

3. I have used the following session code:
//if the user provides right username, password
session_start();
session_register('username');
then in the following pages, I can use "$SESSION['username']" to get the username value.
However, my question is, if there are hundreds of users logged into my website at the same time, will the "$SESSION['username']" be able to identify who is who?

Yes, every session_start() use a different file.

The nucleo is this: a session it's just a cookie server-side.

At session_start() a file is created on tmp dir of server, when set a cookie is created a file on client pc. If file is in remote, the user can't modify/remove it = more security.

[EDIT]
oops... too late 🙂