session and cookies

sand123

which is better to use session or cookies?

did all the browsers support session and cookies??

thanks
xyz.

Norman_Graham

Hi Sand

Sessions are better than cookies, but it depends what you want to do. If you want to greet the user by name without a login, then you'll need cookies.

To the best of my knowledge, the browser has little or no effect on sessions because it's all handled by PHP, unless you use session cookies, in which case the browser has to have cookies enabled.

Have a look at this, particularly the section entitled 'Passing the session ID' where the topic of session cookies or URL parameters is discussed.

HTH

Norm

sand123

but by passing the session_id url can be hijacked?

actually i want the difference bet session and cookies?

Norman_Graham

In theory, yes. If you're creating an online banking application, you'll want to look into this. If the info is non-critical, then a session ID is probably fairly safe.

The difference between sessions and cookies is that, with a cookie, user info is stored locally on the users computer. Some companies ran into trouble because they used simple cookies for shopping applications. Clever users soon realized that they could just manipulate the cookies to change the prices. Shopping applications are not usually that stupid these days.

Sessions only store the ID locally, or even not at all if you use a URL parameter and supress cookies. This ID can be hijacked unless you use SSL.

That's about as much as I know.

HTH

Norm