BetterPHP

Right, so I've always wondered what the difference is between cookies and sessions. And why/when should I use cookies over sessions and vice versa...

Can anybody give me a crash course in cookies? I'm too darn lazy to Google it!

cookies are similar to session in terms of functionality, but what actually goes on is not the same at all.

When you set a cookie a header is sent to the users browser that contains the data that you set, the browser remembers which site stored which data and sends it back to the website when you visit it as a header, php processes this header and makes the $_COOKIE variable available. The key thing is that the data is stored client side, not on the server.

When you set a session variable, the server sends a unique id (the session id) to the browser as a cookie, as described above the browser will send this back. PHP intercepts this id and uses it to check the session storage (usually files) to see if there is any session data already, if there is it creates the $_SESSION variable form the data. The key thing here is that the data is stored on the server and not client side at all, meaning there is no way for the user to manually change the data in the session like they can with cookies.

jacek wrote:cookies are similar to session in terms of functionality, but what actually goes on is not the same at all.

When you set a cookie a header is sent to the users browser that contains the data that you set, the browser remembers which site stored which data and sends it back to the website when you visit it as a header, php processes this header and makes the $_COOKIE variable available. The key thing is that the data is stored client side, not on the server.

When you set a session variable, the server sends a unique id (the session id) to the browser as a cookie, as described above the browser will send this back. PHP intercepts this id and uses it to check the session storage (usually files) to see if there is any session data already, if there is it creates the $_SESSION variable form the data. The key thing here is that the data is stored on the server and not client side at all, meaning there is no way for the user to manually change the data in the session like they can with cookies.

Alright, makes much more sense now.

But why do people use cookies for say, a forum, instead of sessions? Is it just to keep the user logged in or to use a " remember me " function?

Cookies for a login can be fine, but you must encrypt any data stored in them. To be honest sessions are better for it. Yes people use cookies as both "remember me" functions, and for login's.

Cookies last longer too, you could have a cookie that is set to expire after a year, if you did the same with the session expire time you would fill your server HDD with session data

So, basically the only thing that cookies do better than sessions is that they are stored client-side instead of server-side, so it saves me some space on my HDD?

In that case, screw cookies! My server has more than enough space left to let me work with sessions instead

Temor wrote:So, basically the only thing that cookies do better than sessions is that they are stored client-side instead of server-side, so it saves me some space on my HDD?

Thats not the main point really, but yes

jacek wrote:

Temor wrote:So, basically the only thing that cookies do better than sessions is that they are stored client-side instead of server-side, so it saves me some space on my HDD?

Thats not the main point really, but yes

Hehe, okay

Also, do you know what the default expire time is for sessions?

Temor wrote:Also, do you know what the default expire time is for sessions?

24 minutes with no page loads I think.

jacek wrote:

Temor wrote:Also, do you know what the default expire time is for sessions?

24 minutes with no page loads I think.

Ok, thank you