Cookies or sessions?

[Nightfire]

For a members area, which of these is best? And how do you show a page different from when you're logged in or logged out? And detect who's logged in or not?

[QuackHead]

I'm only starting in PHP - so I don't know about PHP Sessions - anyways...

In ASP I prefer to use Sessions rather than cookies - because session variables are truly temporary cookies. (IE, no info is actually stored in the HD)

just my 2 cents..

~Quack

[bcarl314]

Well, I've tried both and found sessions much easier to deal with. But that's my opinion, and that along with a dollar will buy you a cup of coffee

[Nightfire]

I have no idea how sessions or cookies work. Do these keep users seeing pages only members can see? If it does do this, how can I prevent people that aren't registered from seeing the members files?

[Thejavaman1]

cookies store the actual data in a file on the user's computer
session's store a number on the user's computer using a cookie (or in the url) and that corosponds to a file on the server with tha values.

cookies can be faked, while it takes much much more effort to take a session value (the numbers are not sequential)

[mordred]

Sessions in PHP have one more significant advantage against using ordinary cookies: They can be used even when the user has cookies disabled, because then all relative URLs are rewritten in a manner that the session_id is appended as a GET parameter.

Also, cookies has some restrictions as how much data you can store in them (I believe it was 4 kB per Cookie, no more than 20 Cookies per domain). In regard to this, sessions are more flexible, though I haven't researched deeply enough if there might be any session size restrictions in the .ini file or elsewhere.

And as some others have already replied, sessions are quite easy to use because PHP comes along with a neat set of session handling functions. Whereas with cookies you only have setcookie() and $_COOKIE to play with.

So it actually depends how you implement session/cookies in your application to achieve the desired results you described, none of them won't prevent viewing of member files on its own, you'd have to build an authentication functionality.

[Flamerule]

Sessions are way better than cookies. A bit hard to start off with them but once you get the basics it all works fine.

To check if a user is logged in or not you should use an if() function to check if a cookie/session variable exists and if it isn't make a form so that the user will log in (it will check the username and/or password and if they are correct it will create that cookie or session variable)

[Jeewhizz]

To detect if a cookie is there, you can use the session function session_is_registered() or this code snippet

PHP Code:

<?
if($HTTP_SESSION_VARS["ID"]=='')
{
  
  echo "<p>You are not authorised to view this page. Please login.</p>";
  die();
}
?>

For a tut on sessions, read the one on www.devshed.com - its titled "couch sessions"

Jee

[Nightfire]

Thanks all

That's what I was looking for Jee

[zoobie]

I think that's just for an old version of php...like 4.0.6

Sessions are best

I learned them from the devshed forums but you won't learn much from that tutorial I'm afraid.

What really drives you crazy is that each version of php uses different code for sessions...

[Robbie]

sessions are great but cookies rule 2!

I use cookie for my own website (not online(yet)) and it is working great for secure member area's and login in for eg change your profile, just like this forum.

And I give my members a chooise:
Login with cookie (so they stay logged in for about 2 weeks)
or login with session so they are automaticly logout if the browser closes, this is, I think, great for people who surf 2 my site at a public pc in eg a libary or school.

So it is your chooise to use cookies or sessions, it depend on how you want your site...