View Full Version : php cookie login system vs session

11-20-2010, 11:57 PM
is doing a cookie login system better or worse than a session login system. I don't know how to do a session, so the question is should I learn to do it or just stick with a cookie based login?

11-21-2010, 03:38 AM
you should. a session can hold more data than a cookie (though no as long as a cookie can, the time limit is normally in the range of hours, as otherwise the disk space for the data would run out) and (most of the time) a session is identified through cookies.

the most advantage of sessions though is the security of the data. the session’s data is not accessible outside the server (thus you can save sensitive information over time).

11-21-2010, 10:40 AM
If you can use cookies in PHP, then you can do sessions. It's fairly similar.

On the topic of session security, and to make your code more secure, this is a good read to prevent session hacking -- session fixation and session hijacking.

PHP Security Guide: Sessions

And if on a shared host, be careful about exposing your session data