I do not know of any reason to store data in a cookie rather than a session within an eCommerce website.
All you do is:
<?php session_start(); ?>
Then, anywhere in your code, you can access/manipulate the session values such as:
<?php $name = $_SESSION['name']; ?>
No matter where a visitor goes on your site, the SESSION data remains the same. This means you can store temporary, useful info about the current "session" of the user (such as: the user is logged in, the user's name, etc.).
PHP automatically handles creating a single cookie which contains one thing: the session ID. Then, PHP stores all the session data in a file on the web server. PHP grabs the cookie, gets the session ID, retrieves the session file, and then loads the data into memory so that you can access it in your code.
With cookies... you have to handle all the manipulating and handling of the cookies (setting expiration; checking cookies; getting values). It is a much bigger headache in my opinion. Combine this with the fact that COOKIES ARE NOT SECURE! Anything you store in a cookie can be accessed by software/etc on the user's computer. And cookies are NOT encrypted. So storing a user's password, phone, credit card, etc in a cookie is a recipe for disaster!
However, sessions are NOT 100% secure. Sessions are stored on the web server in a plain old file basically. Anyone with access to the web server has the potential to access these files (server admins, other people hosted on the same web server as you, etc). So even though sessions are much easier to work with, and significantly more secure than a cookie... you should still NEVER store sensitive information in a session. If you need a credit card #, social security #... retrieve it from the secure database; don't be lazy and put it in the session. But you can store all sorts of great things in sessions, just avoid sensitive information.
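The pattern described in the post above, as an added example that is not part of the original post: the session holds only an identifier and display data, and a sensitive field is read from the database when it is needed. It goes slightly beyond the post by also setting the session cookie's flags and regenerating the ID at login; the `users` table, its columns and the function names are assumptions.

```php
<?php
// Added example (not from the original post). The users table, column names
// and the helper function names are assumptions made for illustration.

// The only cookie PHP sends is the session ID, so restrict how it travels.
ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
session_set_cookie_params([
    'lifetime' => 0,        // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,     // sent over HTTPS only
    'httponly' => true,     // not readable from page JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Called after the password check has succeeded.
function login_user(array $user): void
{
    session_regenerate_id(true);            // new ID at login, old session file deleted
    $_SESSION['user_id']   = (int) $user['id'];
    $_SESSION['name']      = $user['name'];
    $_SESSION['logged_in'] = true;
    // No password, card number or similar is copied into the session.
}

// Sensitive fields are read from the database at the moment they are needed.
function card_last4(PDO $db): ?string
{
    if (empty($_SESSION['logged_in'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT card_last4 FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', '4242')");

login_user(['id' => 1, 'name' => 'alice']);
var_dump($_SESSION);          // inspect what would be written to the session file
var_dump(card_last4($db));    // looked up from the database on demand
```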