Re: Sessions vs Cookies

From: Betikci Boris <pardust@xxxxxxxxx>
Date: Mon, 8 Dec 2008 01:54:40 -0800 (PST)

On Dec 7, 2:15 pm, Bill H <b...@xxxxxxxxx> wrote:

I am working on a project that will eventually scale up to multiple
servers and want to be sure I choose the correct path for controlling
persistant information, for example a users ID. From what I have read,
using sessions could limit me to a single server, where as cookies
will allow me to have multiple servers as the persistant information
travels with the client instead of residing on the server. Am I wrong
in this assumption? Are there any best practices with dealing with
persistant information and multiple servers?

Bill H

You can securely use cookies, php session use cookies, so anybody can
easily fake default php session management. At least i tried it
locally & remotely and succeeded basicly created same cookie on a
different browser of a previously created session.
You can store anything in cookies by using php mcrypt extension's
cryptographic functions to encrypt data stored on cookies.
ex.userid's, other info, etc.
.

Follow-Ups:
- Re: Sessions vs Cookies
  - From: Jerry Stuckle

References:
- Sessions vs Cookies
  - From: Bill H

Prev by Date: SOLVED (Was: Hierarch transversal problem with MySQL)
Next by Date: Re: Sessions , sql injection, misc attack defense
Previous by thread: Re: Sessions vs Cookies
Next by thread: Re: Sessions vs Cookies
Index(es):
- Date
- Thread

Relevant Pages

Re: Sessions vs Cookies
... servers and want to be sure I choose the correct path for controlling ... different browser of a previously created session. ... You can store anything in cookies by using php mcrypt extension's ... That means you are either on the machine using the session, or somewhere between the client and server, and monitoring the traffic. ...
(comp.lang.php)
Re: Sessions vs Cookies
... persistant information, ... travels with the client instead of residing on the server. ... Cookies can preserve state too, ... PLEASE note that session are no more secure ultimately since they use cookies, or URL encoded information to transfer the sate between browser instance. ...
(comp.lang.php)
Re: Sessions vs Cookies
... servers and want to be sure I choose the correct path for controlling ... persistant information, ... First of all, cookies are sent to the client, and modified by the user/ As a result, they should NEVER be trusted. ... Of course sessions use cookies, Or GET variables, Or POST variables to preserve states, a point which Jerry has never been able to grasp. ...
(comp.lang.php)
Re: Sessions vs Cookies
... persistant information, ... travels with the client instead of residing on the server. ... Cookies can preserve state too, ... PLEASE note that session are no more secure ultimately since they use cookies, or URL encoded information to transfer the sate between browser instance. ...
(comp.lang.php)
Re: Sessions vs Cookies
... persistant information, ... travels with the client instead of residing on the server. ... Cookies can preserve state too, ... PLEASE note that session are no more secure ultimately since they use cookies, or URL encoded information to transfer the sate between browser instance. ...
(comp.lang.php)