More secure: cookies or sessions?

Anon

Hi,

I'm writing a program where users can "log in" to the website, check the latest updates to the website since they've been there, send messages to other users, use forums, etc. and I was wondering whether the login routine would be more secure using a cookie to simply store the information for a little while on their computer or through a session. I've already done the whole thing with cookies but I want it to be as professional as possible so any advice would be greatly appreciated.

--Intaglio
gurutech.org

Anon

Intaglio,

If you want to know what's most secure, i'd say a session would be as there is no data left behind when the user stops using the site.

If you want to know what's more professional, i'd say cookies would be as the USER does not see the difference between the two. The only difference they notice is that, when programmed correctly, when cookies are used the user won't have to retype several notes such as their login name or password. To make this more secure you can put in a "time limiter", allowing the cookie only to be usefull within a given time period.

I hope this helps,

Paul

Anon

Actually, the biggest problem with cookies is that the user can turn them off, leaving your session capability non-functional. Passing a session id in the url avoids this problem.