WDS 6 - Sessions and Cookies
A cookie is a small piece of data (a name and a value, plus optional attributes such as an expiry time) that a website sends to the browser, which stores it and sends it back with every later request to that site. Usually cookies are used to recognise a visitor and track usage and habits. Since they are stored on the client computer and hold whatever the developer told them to hold, many people view them as a possible threat. Here is a list of some of their features and advantages:
- Stored on the client computer, so the server keeps no state for them (they are decentralized).
- Can be given a lifespan of anything from seconds to years by setting an expiry time, or left to expire when the browser closes.
- Work well with large sites that use several web servers, because every request carries the cookie with it.
Disadvantages
- Won’t do you any good if the client has set their browser to disable cookies.
- Limitations on size and number: the original Netscape cookie specification allowed a browser to keep only the last 20 cookies from a particular domain, and current browsers (RFC 6265) must accept at least 50 per domain; in both cases a single cookie is limited to about 4 KB.
- Can be edited beyond your control since they reside on the client system, so the server must never trust a cookie’s contents without verifying them.
- Information set in a cookie is not available to your code until the next request: setcookie() only adds a Set-Cookie header to the response, and $_COOKIE is filled from the headers the browser sends back on the following request.
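The two points above, that a cookie only becomes visible on the next request and that the client can edit it, are shown in the following added example (it is not code from the original notes). It sets a cookie with an expiry and the Secure, HttpOnly and SameSite attributes, and it appends an HMAC so that an edited value is detected when the cookie comes back. The cookie name `prefs` and the constant `COOKIE_SECRET` are assumptions made for the illustration.

```php
<?php
// Added example (not from the original notes): setting, reading and
// tamper-checking a cookie in PHP. COOKIE_SECRET and the cookie name
// "prefs" are assumptions made for this illustration.
declare(strict_types=1);

// Server-side secret; never sent to the client. Assumed value for the example.
const COOKIE_SECRET = 'replace-with-a-long-random-server-side-secret';

// Build "value.signature" so that a client who edits the value is detected.
function signCookieValue(string $value): string
{
    $sig = hash_hmac('sha256', $value, COOKIE_SECRET);
    return $value . '.' . $sig;
}

// Returns the original value, or null if the cookie is missing or was edited.
function verifyCookieValue(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $pos = strrpos($raw, '.');          // the hex signature never contains '.'
    if ($pos === false) {
        return null;
    }
    $value    = substr($raw, 0, $pos);
    $sig      = substr($raw, $pos + 1);
    $expected = hash_hmac('sha256', $value, COOKIE_SECRET);
    // hash_equals() compares in constant time, so no timing leak on the signature.
    return hash_equals($expected, $sig) ? $value : null;
}

// --- Setting the cookie: must happen before any output is sent ---
$theme = 'dark';
setcookie('prefs', signCookieValue($theme), [
    'expires'  => time() + 60 * 60 * 24 * 30, // 30 days; omit for a browser-session cookie
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable by JavaScript
    'samesite' => 'Lax',  // not attached to most cross-site requests
]);

// $_COOKIE is filled from the *request* headers, so on the request that set
// the cookie it is still empty; it is populated only on the next request.
var_dump(isset($_COOKIE['prefs']));

// --- Reading it on a later request: fall back to a default if it was tampered with ---
$theme = verifyCookieValue($_COOKIE['prefs'] ?? null) ?? 'light';
echo "Theme: $theme\n";
```

Change one character of the `prefs` cookie in the browser’s developer tools and reload: `verifyCookieValue()` returns null and the page falls back to the default instead of using the edited value.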
A session can be thought of as a server-side cookie: the data is kept in a file (or another store) on the server. The client still receives a cookie, but it holds only a session id, a random identifier (32 hexadecimal digits by default in PHP) that references the data on the server. Here are the features and advantages of sessions:
- A session can store very large amounts of data, while regular cookies are limited in size.
- You save bandwidth because the client-side cookie made by a session contains only the 32-hexadecimal-digit session id.
- More secure than regular cookies, since the data is stored on the server and cannot be edited by the user. The session id is, however, the only thing tying the client to that data, so anyone who obtains it (a stolen cookie, an unencrypted connection, a session id planted before login) can use the session as that user.
- By default they last only until the user closes the browser, since the session cookie has no expiry; the server-side data is garbage-collected after a period of inactivity (session.gc_maxlifetime in PHP, 1440 seconds by default).
- Can easily be customized to store the session data in a database instead of a file (session_set_save_handler() in PHP).
- Information is available in your code as soon as it is set.
Disadvantages:
- Does not work well with multiple web servers when sessions are stored as files on each server’s local disk, because the next request may land on a server that has no copy of the data.
- Doesn’t carry over after the browser is closed.
Which one to use depends on what you want to do with the information collected from users and passed from page to page. Many people disable cookies because of the security risks they fear from them. Developers also worry about cookies because the client can modify them before they are sent back to the server. Sessions provide extra security for both the client and the developer. Below is a diagram of how the process of setting cookies works.
Below is the code showing how a session works. In the example, posted variables are stored in session variables, then in the next PHP script they are copied back into local variables.
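The flow just described, posted variables going into the session and a later script reading them back into local variables, is shown in the following added example (it is not the original notes’ code). Both scripts are placed in one file and selected with a `?page=` parameter; the field names `username` and `email` and that routing are assumptions for the illustration. The session cookie is hardened before `session_start()`, the id is regenerated when the posted data is accepted so a pre-planted id cannot be reused, and the values are escaped when echoed.

```php
<?php
// Added example (not from the original notes): posted variables stored in
// session variables, then read back into local variables on the next page.
// Field names "username"/"email" and the ?page= routing are assumptions.
declare(strict_types=1);

// Harden the session cookie before session_start() sends it.
session_set_cookie_params([
    'lifetime' => 0,      // 0 = expires when the browser closes (the default)
    'path'     => '/',
    'secure'   => true,   // HTTPS only
    'httponly' => true,   // JavaScript cannot read the session id
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // reject ids the server never issued
session_start();

$page = $_GET['page'] ?? 'form';

if ($page === 'save' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Script 1: copy posted variables into session variables.
    // A fresh id at this point stops session fixation: an attacker who planted
    // the old id in the victim's browser cannot use it to reach this data.
    session_regenerate_id(true);
    $_SESSION['username'] = trim((string) ($_POST['username'] ?? ''));
    $_SESSION['email']    = trim((string) ($_POST['email'] ?? ''));
    // Unlike a cookie just set, the session data is usable immediately.
    header('Location: ?page=profile');
    exit;
}

if ($page === 'profile') {
    // Script 2: pull the session variables back into local variables.
    $username = $_SESSION['username'] ?? null;
    $email    = $_SESSION['email'] ?? null;
    if ($username === null) {
        header('Location: ?page=form');
        exit;
    }
    // The values came from the user: escape them before putting them in HTML.
    $u = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    $e = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
    echo "<p>Welcome, $u ($e)</p>\n";
    echo "<p><a href=\"?page=logout\">Log out</a></p>\n";
    exit;
}

if ($page === 'logout') {
    // Clear the data, expire the client's session cookie, and drop the server file.
    $_SESSION = [];
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);
    session_destroy();
    header('Location: ?page=form');
    exit;
}

// Default page: the form whose fields get posted into the session.
echo <<<HTML
<form method="post" action="?page=save">
  <label>Name <input name="username"></label>
  <label>E-mail <input name="email"></label>
  <button type="submit">Save</button>
</form>
HTML;
```

Run it with `php -S localhost:8080 session.php` (assumed file name), submit the form, and the profile page shows the values read back from the session; closing the browser discards the session cookie, so the next visit starts a new session.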