
Forum Moderators: coopster & jatar k


PHP Shopping Cart

session_start() - cookies or url?

     

aspr1n

2:34 am on Dec 2, 2002 (gmt 0)

10+ Year Member



Hi all,

I am just about to write a shopping cart, and wondered what everyone thought on the pros and cons of cookies versus url for storing session vars.

I'd also be interested to know if anyone has used the url method, with mod_rewrite on Apache, to rewrite dynamic to static urls except a session variable.

Cheers,

asp

mavherick

3:16 am on Dec 2, 2002 (gmt 0)

10+ Year Member



Here's my opinion about your first question. Personally, I generally try to use the cookie method first, and if it fails (the user rejects cookies or the user-agent doesn't support cookies or whatever reason), the system falls back to the url method. So, I'd say it's not cookie versus url method but rather a team effort here!

If I absolutely had to choose between the two, I'd go for the url method; it's safer (in the way that it's not affected by the user's choice) and if I remember correctly, there's an option in PHP to use the var SID transparently so it doesn't appear in the url but it's still passed around (I'll have to check on that one though...)

But otherwise, try to use a combo. Makes your system more stable.

Hope that helps

mavherick

aspr1n

12:29 am on Dec 3, 2002 (gmt 0)

10+ Year Member



mavherick,

Thanks very much for that. FYI, this is what I found in the PHP doc re: a transparent SID:

session.use_trans_sid boolean

session.use_trans_sid
whether transparent sid support is enabled or not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled.

URL based session management has additional security risks compared to cookie based session management. Users may send an URL that contains an active session ID to their friends by email or users may save an URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

asp
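The risk quoted from the PHP documentation above (a session ID travelling in a mailed or bookmarked URL) is usually closed by keeping the ID in a cookie only. The following is an added example, not code from any poster in this thread; it assumes PHP 7.3 or later and HTTPS, and the function names `start_cart_session()` and `on_login()` are hypothetical.

```php
<?php
// Added example (not from the thread): cookie-only session bootstrap for a cart.
// Assumes PHP >= 7.3 and an HTTPS site; function names are hypothetical.

function start_cart_session(): void
{
    // Never read the session ID from the URL and never rewrite links to carry it.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that this server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    session_start();

    // An old bookmark or mailed link may still carry ?PHPSESSID=... in it.
    // The value is ignored above; redirect so it also leaves the address bar.
    $name = session_name();
    if (isset($_GET[$name])) {
        $query = $_GET;
        unset($query[$name]);
        // Keep the redirect on this host: force exactly one leading slash.
        $path   = '/' . ltrim((string) strtok($_SERVER['REQUEST_URI'], '?'), '/');
        $target = $path . ($query ? '?' . http_build_query($query) : '');
        header('Location: ' . $target, true, 302);
        exit;
    }
}

function on_login(int $userId): void
{
    // Issue a fresh ID when privileges change and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```

Call `start_cart_session()` before any output on every page; visitors who reject cookies get a new empty session on each request rather than an ID in the URL.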
