Sessions vs. Cookies

Anon

Can anyone tell me what the advantages are of using sessions over cookies in PHP? Thanks.

Robert

lawnmowerman

Hi Robert.

Depending on your use of sessions, sessions use cookies. The session ID is sent to each page of the site via a cookie. The alternative is to pass the SID via the URL.

Sessions store the information on the server instead of on the client, as cookies do. This means that you're not limited to the relatively small amount of data that can be stored in a cookie (I believe it is 2kb or 4kb, but I can't remember exactly).

You can store any kind of variable within a session. PHP serializes the variable for storage and automagically unserializes it for ease of use on each page. You can store simple, single value variables ( $var = 'hello' ), arrays ( $var[0] = 3 ), hashes ($var[name] = 'Rich' ), etc.

Does this answer your question(s)?

-Rich

Anon

This might seem kind of dense, but what kind of information would be valuable for me to store on the server that I couldn't store in the client? Right now I'm just storing a unique id, some preferences, and some transaction related material.

Robert

lawnmowerman

Well, let's take a shopping cart, for example.

John Doe goes to your site. You sell t-shirts. T-shirt options are:
1) size (s,m,l.xl)
2) color( red,orange,yellow,green,blue,purple)
3) iron-on pattern (space shuttle, horse, Porsche)
4) pattern location (front,back,both)
5) quantity
6) embroidered name

Now, if John wants a single shirt, cookies would probably work well. But, if John is a member of a Porsche collectors club and he is placing an order for all 500 club members, you can assume that there will be more than 2 or 3 different option combinations: small red Porche front Jim, extra large green Porsche back Fred, etc.

Unless you want John to place an different order for every 3 shirts or so, it would be best to use sessions. You could store all 500 shirt orders in a session and not have to worry about the several kB cookie size limitation since the cart information is stored on the server in the session instead of on the client in a cookie.

Each shirt order could easily be 200 bytes or more, which means you'd have a 10 shirt limit (assuming a 2kB cookie size limit) if there is no other information stored in the cookie at all.

The cookie simply stores the session ID, which tells the server which session is in use by this browser.

Does this help get your mind around sessions?

If not, let me know and I'll try to explain it another way.

-Rich