Alternative of $_SESSION
 

Hello everybody,

I've read may times that 'use $_SESSION as little as possible'.

While checking WordPress codes I could barely find $_SESSION used
and I do believe big sites won't use $_SESSION or uses too little.

I'm trying to find out the best solution and alternative of $_SESSION.

seeking help

thanks in advance

The main issues with $_SESSION are:

- Security in shared hosting environments
- The trans-sid feature placing the session ID in the URL

The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file.

You can solve the security issue by using your own session handlers to read/write data to a database instead of a file.

You can solve the trans-sid issue by... turning it off.

I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous.

Hello Lamped,

Thanks for this information,
is $_COOKIE the best alternative for $_SESSION ?

Explain this a little bit more please.


I've heard/read some where in blogs but .. no idea.

$_COOKIE is (IMO) not an alternative to $_SESSION, as cookies can be edited by the user at will. to do that with sessions is way harder. besides, session content is not exposed to the outside world (cookies are transferred with every HTTP Request/Response).

your own session handling: see session_set_save_handler()

Basically, OpenCode...

Just use sessions and don't be so paranoid. Just don't put passwords and credit card info directly into a session and you'll be fine.