By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
439,972 Members | 1,454 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 439,972 IT Pros & Developers. It's quick & easy.

sessions vs cookies

P: n/a
Hi

I'm developing a site where I'd like to store information during a users
visit. So far I've been using sessions, but as far as I can tell it's
not possible to control for how long a session is valid. It seems that
these information are valid until the browser closes.

On the other hand it's possible to set expiration time for cookies.

Does this mean that I have to abanbon $_SESSION altogether and switch to
$_COOKIE for storing information? Or can/should they be coupled in some way?

In other words: are sessions and cookies conceptually an either-or or
are they supposed to supplement each other?

Thanks in advance for any reply...

--
peace, love & harmony
Atte

http://www.atte.dk
Dec 9 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Atte André Jensen wrote:
Hi

I'm developing a site where I'd like to store information during a
users visit. So far I've been using sessions, but as far as I can
tell it's not possible to control for how long a session is valid. It
seems that
these information are valid until the browser closes.


Sessions use cookies. The cookies are used to store the users Session ID.
These cookies by default have their lifetime set to 0 (meaning that the
cookie expires when the browser is closed). You can change this from php.ini
with session.cookie_lifetime, or using the
session_set_cookie_params -function from within the script.

See
http://www.php.net/session
and
http://www.php.net/manual/en/functio...kie-params.php

Please note that these settings only affect the cookie. While the cookie
might persist in the browser (if it is kept open for a long time), the
actual session data stored on the server might be gone. By default the PHP
garbage collection clears up sessions that have not been used for 24
minutes. To change sessions lifetimes use session.gc_maxlifetime in php.ini.
Please note that even this might not be enough if some other scripts, with
smaller timeouts, use the same folder for storing the session data (Their
garbage collection would trash session files in the folder according to
their timeout rules). To avoid this, you would need to set the script to use
a different session save path (session.save_path).

Usually sessions are all you need. Setting the session timeout to higher
than 24 minutes takes a few steps but is not a problem.

HTH

--
Suni
Dec 9 '05 #2

P: n/a
>I'm developing a site where I'd like to store information during a users
visit. So far I've been using sessions, but as far as I can tell it's
not possible to control for how long a session is valid. It seems that
these information are valid until the browser closes.
You can put a time stamp *in* the session, and check for how old it
is in subsequent pages. You get to decide whether it's based on time
since the FIRST hit or time since the LAST hit (update timestamp on
every hit). If your objective is a timed-out login, if the time stamp
gets old, redirect them to the login page.

PHP's probabalistic session expiration isn't very good if you
want the session expired ON TIME, EVERY TIME. It's not too bad
if you just want expired sessions to go away eventually so they
don't clutter up your system with too many old files.
On the other hand it's possible to set expiration time for cookies.
And it's entirely up to the browser to actually expire them.
How many users running browsers have their clock set to the wrong YEAR?
Also, users may be able to edit the expiration time of cookies.
Does this mean that I have to abanbon $_SESSION altogether and switch to
$_COOKIE for storing information? Or can/should they be coupled in some way?
I suggest storing your own expiration time into the session.
In other words: are sessions and cookies conceptually an either-or or
are they supposed to supplement each other?


Sessions are usually kept using a session cookie but PHP can fall
back to passing the session cookie in the URL (especially if trans_sid
is on). *If* cookies are enabled, you can also use cookies
independently.

Gordon L. Burditt
Dec 9 '05 #3

P: n/a
Juha Suni wrote:
<snip>or using the
session_set_cookie_params -function from within the script.
<snip> To change sessions lifetimes use session.gc_maxlifetime in php.ini. <snip> you would need to set the script to use
a different session save path (session.save_path).


Thanks, that helped alot! I seem to have sessions working, I trashed
cookies altogether, since it didn't seem appropriate for my purpose...

--
peace, love & harmony
Atte

http://www.atte.dk
Dec 9 '05 #4

P: n/a
> I trashed cookies altogether, since it didn't seem appropriate for my purpose...
just a repeat of a previous thought...
cookies are USED in 90% of session use (if the client accepts them and
the server [php.ini] isn't set up to force cookie usage.)

cookies are a client side thing, whereas sessions are server side.

Dec 10 '05 #5

P: n/a
cross at php net wrote:
cookies are a client side thing, whereas sessions are server side.


"I trashed setcookie() alltogehter..."

--
peace, love & harmony
Atte

http://www.atte.dk
Dec 10 '05 #6

P: n/a
Atte André Jensen wrote:
cross at php net wrote:
cookies are a client side thing, whereas sessions are server side.

"I trashed setcookie() alltogehter..."


I think you missed Colin's point.

Over 90% of sessions use cookies anyway, even if you trash setcookie()
altogether.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 10 '05 #7

P: n/a
Jerry Stuckle wrote:
I think you missed Colin's point.

Over 90% of sessions use cookies anyway, even if you trash setcookie()
altogether.


This is my last rephrase:

I still use cookies in my session but I do not call the setcookie()
function. I do understand what has been pointed out several times that
over 90% of sessions use cookies.

I will, however comment further in this thread, even if you claim that I
didn't understand whatever.

Case closed!

--
peace, love & harmony
Atte

http://www.atte.dk
Dec 16 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.