homepage Welcome to WebmasterWorld Guest from 107.21.187.131
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP Shopping Cart
session_start() - cookies or url?
aspr1n




msg:1311546
 2:34 am on Dec 2, 2002 (gmt 0)

Hi all,

I am just about to write a shopping cart, and wondered what everyone thought on the pros and cons of cookies versus url for storing session vars.

I'd also be interested to know if anyone has used the url method, with mod_rewrite on Apache, to rewite dynamic to static urls except a session variable.

Cheers,

asp

 

mavherick




msg:1311547
 3:16 am on Dec 2, 2002 (gmt 0)

Here's my opinion about your first question. Personally, I generally try to use the cookie method first, and if it fails (user reject cookies or the user-agent doesn't support cookies or whatever reason), the system falls back with the url method. So, I'd say it's not cookie versus url method but rather a team effort here!

If'd absolutely have to chose between the two, I'd go for the url method, it's safer (in the way that it's not affected by user's choice) and if I remember correctly, there's an option in PHP to use the var SID transparently so it doesn't appear in the url but it's still passed around (I'll have to check on that one though...)

but otherwise, try to use a combo. Makes your system more stable.

Hope that helps

mavherick

aspr1n




msg:1311548
 12:29 am on Dec 3, 2002 (gmt 0)

mavherick,

Thanks very much for that, FYI this is what found in the PHP doc re: a transparent SID:

session.use_trans_sid boolean

session.use_trans_sid whether transparent sid support is enabled or not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled.

URL based session management has additional security risks compared to cookie based session management. Users may send an URL that contains an active session ID to their friends by email or users may save an URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

asp

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved