CodingForums.com - View Single Post

Lamped · 01-31-2011, 06:56 AM

The main issues with $_SESSION are:

- Security in shared hosting environments
- The trans-sid feature placing the session ID in the URL

The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file.

You can solve the security issue by using your own session handlers to read/write data to a database instead of a file.

You can solve the trans-sid issue by... turning it off.

I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous.

01-31-2011, 06:56 AM	PM User \| #2
Lamped Super Moderator Join Date: Feb 2009 Location: England Posts: 539 Thanks: 8 Thanked 63 Times in 54 Posts	The main issues with $_SESSION are: - Security in shared hosting environments - The trans-sid feature placing the session ID in the URL The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file. You can solve the security issue by using your own session handlers to read/write data to a database instead of a file. You can solve the trans-sid issue by... turning it off. I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous. __________________ lamped.co.uk :: Design, Development & Hosting marcgray.co.uk :: Technical blog