Sessions &amp; Cookies

Sessions & Cookies

ollmorris

I was wondering if someone could tell me the major and minor differences between cookies and sessions. I have found no evidence which helps me draw a conclusion.

Thanks.

jpmoriarty

i think at it's absolute basic level:
a cookie is a file stored on the browsers computer. it can be used to store information about the person browsing your site.

a session is something that's more server side and it tracks someone as they move through your site. the session will be destroyed as soon as they close their browser window, unless you kill it before that.

So, you would use a cookie for something like remembering your login name for a bulletin board (like this one). But you would use sessions for designing an online shopping cart (since you'd need to know from one page to the next who the user was). In truth though, I think they're quite frequently used together.

What is it you want to do?

ollmorris

I am working on a poll at the minute for a client. I have implemented the IP restriction and was wondering about the cookie/session thingy which u helped me with.

The problem with a cookie though is that I could just delete the cookie and i could vote on a poll again. Would you recommend setting the cookie based on the IP address that has voted? Even though two people could theoretically have the same IP address?

thanks

jpmoriarty

it depends. it's like a lot of these things - if they really want to get around it, then they probably can. you just have to question how likely is it that someone would, and how much of a problem is it if they do.

IP blocking probably is nto a good idea since you wont really be able to tell how many people you're banning for no reason.

suppose you could do something where they have to register to vote, but then they could just register lots of times. if people really have that much time on their hands...

ollmorris

I think I will leave IP blocking up to the client.

Could I set a cookie that will last for say 10 seconds regardless of what time zone or time they have setup (whether it be correct or not)?

thanks for all your help

jpmoriarty

well no, if you're going to set a cookie then you might as well do it. it's the best way to prevent that sort of thing happening. My response was based on your worrying about people deleting the cookie and then voting again - theres not much you can do about that.

But if you're going to bother setting a cookie, I can't see much point in just making it last 10 seconds...

ollmorris

thanks for all your help. Sorry the 10 seconds was an example.