sessions vs. cookies

elesueur

A client of mine recently brought to my attention that his site "required cookies", and he thought this was unecessary.

I told him that it did not use cookies, it used sessions.

Now, I believe the common misconception that cookies are bad, is because they are "stored" on the uses computer.

I told him that sessions are not cookies per say, and they are not stored on his computer.

Now with this in mind, why, if you have cookie acceptance set to prompt, does internet explorer ask the user if he/she wants to allow the cookie "PHPSESSID"?

I thought the use of sessions meant we could store variables for the length of the users "session", without the use of cookies, but evidently, internet explorer treats sessions the same as cookies....

discuss...

phpmaven

If you are using PHP's built in session support then it will try to use set a cookie first. Failing that it will add the session id to the url.

Moonglobe

sessions DO USE COOKIES by default, as stated above. the cookie stores the session ID, which PHP uses whenever session_start() is called. that's why $_COOKIE is always non-empty when you use sessions...........as i found out the hard way.

hth
moon 🙂

planetsim

With saying that they are still stored on the server. Its more secure as they must physically get on the server and change it. Cookies on the other hand they are only stored on the clients computer, so if the user modifies the cookie it will change settings depending on what the cookie is used for.