View Full Version : Cookies vs Session variables....

02-19-2003, 06:08 PM
Can anyone tell me which is better to use, and why?

I have a site where I'm utilizing cookies. The cookie has to be checked everytime a page loads. Is this likely to cause more of a drain on performance than using a bunch of session variables?

Which is faster?

02-19-2003, 06:45 PM
Don't forget that users can erase and disable cookies.

I'm pretty sure session variables are more of a drain on your resources though. When you use sesson variables, your server is keeping tracking of each user with a session ID and all of their associated data. With cookies, you just read or write the cookie to the user's hard drive every time you need to access the variable so your server doesn't have to keep track of a session ID for every user.

I don't use sessions much, but I don't think there is a guaranteed way to know when the user left. So if your server is configured to time out a session variable after 20 minutes and the user just closes their browser, your server has to keep that data around for 20 more minutes. If you reduce that amount of time, you increase the possibility of losing the data of a user who may just be taking a phone call.

02-19-2003, 07:01 PM
In the context of what I'm using it for, it's an internal site that our help desk logs into to view and update information regarding our clients.

I'm not concerned about losing any data if the user should happen to erase their cookies, as the information is not for stuff that is important to keep from day to day.

An example of what I'm using them for is when a user does a search for all clients matching a certain criteria. They want to be able to just go back to the page and have it display the last search results. In that instance, I'm writing the sql to a cookie, and I check the status of the cookie everytime the search page is loaded. If it has something in it, then I pull it, and that's my sql statement. If it's empty, I build the sql based on what is submitted to the page.

It has occured to me that some of the larger sql statements might be causing some problems if they are large chunks of info.

02-19-2003, 07:57 PM
I pretty much always work on intranet apps and avoid session vars at all costs. I use cookies for pretty much everything. Maybe you can break your sql up. Instead of putting the entire sql just put the search criteria. I know there is a limit on cookie size but I do not know it off hand.

02-19-2003, 09:11 PM
The reason I asked was we're noticing some MAJOR problems on our web server today, 1 day after I implemented a bunch of new pages with some cookies all over them. I thought maybe my code was faulty.

Anyway, it seems that we're having other problems, so my code is ok...probably.

I still think cookies are probably the best solution in this case, since I don't care if they delete the cookies.

02-20-2003, 01:07 AM
I agree, I would use cookies.

I'm using them in a new application I'm writing for another client (not the one we were always working on, thank god!). Too bad you can't see it, Keith, since it's specific to the client - it's pretty sweet for classic ASP. :)

P.S. Looks like we're going to have a standards committee... and I may be on it. ;)