Cookies vs Sessions.

Sayian

For all my applications ive always used sessions ..

b/c the info must be stored on the server, and i always thought it was "safer" this way.

Am i correct in this matter? or are cookies just as safe? The benefits of using cookies, would be my users wouldnt have to login every time. The software would automatically recognize them b/c of the cookie, but is this safer then sessions?

Feedback please.

Andrew_W_Peace

I'm not expert, but I believe that sessions just store data as cookies that are sort of encrypted. Try one of your applications that uses sessions and keep watching your cookies, I think you'll see what I mean.

madwormer2

No. The session ID is stored in the cookie, but that is all. This is then sent to the server every time a page is requested, and then the corresponding data is brought from the depths of PHP...

As long as you make sure that any important data is not stored in cookies in an unencrypted form, then you should be fine. Even when you use cookies, load and destroy is the approach I take. Load them into session, and destroy if they are no longer neccessary.

Sayian

What about a username and a password? ..

So sessions are safer for this?

The only way to encrypt a cookie is SSL?

thanks.

Weedpacket

SSL does not encrypt cookies stored on the client.