On Saturday 24 June 2006 09:51, John Meyer wrote:

> BTW, I have a question: which is the preferred way to handle variables
> on the client side: cookies or sessions? Or are there situations where
> one should be used and the other should be used in these other situations.

If it's a variable that you want the user to be able to hold onto for days, 
weeks, or months at a time (such as a "remember me" function for blog 
comments, for example), then use cookies, but NEVER store a username or 
password, even encrypted, in a cookie.

For everything else, use PHP's session handling, particularly the cookie-saved 

Remember, cookies are user-supplied data.  That means it is not to be trusted.  
A session key is hard to hijack, or at least harder than it is to fake a 
non-random-key cookie.  It's easier to hijack if it's in the URL GET string 
rather than a cookie.

Larry Garfield                  AIM: LOLG42
[EMAIL PROTECTED]               ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
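
An added illustration of the advice in the message above (not part of the original post and not code from the PHP project): a "remember me" cookie that carries only a random token, checked as untrusted input, with the session ID kept out of the URL. The `$store` array is a constructed stand-in for a database table, and the function names are hypothetical.

```php
<?php
// Added example; $store is a constructed in-memory stand-in for a database table.
declare(strict_types=1);

// Keep the session ID in a cookie only, never in the URL GET string.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.cookie_httponly', '1');

/** Issue a "remember me" value: random selector plus random validator, no username or password. */
function issueRememberToken(array &$store, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, 18 hex characters
    $validator = bin2hex(random_bytes(32));  // secret half, 64 hex characters
    // Only a hash of the validator is kept server-side.
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

/** Treat the cookie as untrusted input; return the user id or null. */
function checkRememberToken(array &$store, string $cookie): ?int
{
    if (!preg_match('/\A([0-9a-f]{18}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null; // malformed or hand-edited value
    }
    [, $selector, $validator] = $m;
    $row = $store[$selector] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null; // unknown or expired selector
    }
    unset($store[$selector]); // single use: revoked on any attempt, right or wrong
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null; // constant-time comparison failed
    }
    return $row['user_id']; // caller issues a fresh token and cookie
}

// Constructed demo values.
$store  = [];
$cookie = issueRememberToken($store, 42);
var_dump(checkRememberToken($store, 'user=admin')); // hand-written, non-random cookie
var_dump(checkRememberToken($store, $cookie));      // the token that was issued
var_dump(checkRememberToken($store, $cookie));      // the same token replayed
```

In a real request handler the returned string would be sent with `setcookie()`, and `session_regenerate_id(true)` would be called once the check succeeds.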
