1. Cookie data is stored in the client's browser; session data is stored on the server.
2. Cookies are not very safe: others can analyze the cookies stored locally and spoof them. Where security matters, use sessions.
3. A session is kept on the server for a certain period of time. As traffic increases, sessions take up more of your server's resources; to reduce the load on the server, use cookies.
4. A single cookie on the client is limited to 3K, that is, a cookie a site stores on the client cannot exceed 3K.
Example: cookies
1. Set a cookie, for example: setcookie('user', 'zhangsan', time()+3600); This gives the cookie named user the value zhangsan with a lifetime of 1 hour. Note that this function sends an HTTP header, just like PHP's header() function used for redirects, so there must be no output of any kind (including spaces) before it.
2. Use $_COOKIE['user'] to get the cookie value.
3. Delete a cookie: setcookie('user', '', time()-3600); or setcookie('user');
4. To delete the client's session ID stored in a cookie:
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-30, '/');
}
Example: session
1. Open the session:
session_start();
2. Empty the session values:
$_SESSION = array();
// Completely destroy the session
session_destroy();
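The session steps above, combined with the session ID cookie deletion from the cookie section, as an added example that is not code from the original page. The function names start_secure_session, login and logout are hypothetical; the example assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: hardened session start, login and logout.
// start_secure_session(), login() and logout() are hypothetical names.

function start_secure_session(): void
{
    // Only accept session IDs that the server itself issued, and only via cookies.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only (assumes an HTTPS site)
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not sent on cross-site POST requests
    ]);
    session_start();          // must run before any output, like setcookie()
}

function login(string $user): void
{
    // Issue a fresh ID on login and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function logout(): void
{
    $_SESSION = array();                       // empty the session values
    if (isset($_COOKIE[session_name()])) {
        // Expire the cookie with the same attributes it was set with,
        // otherwise the browser keeps the original cookie.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                         // remove the server-side data
}

start_secure_session();
if (!isset($_SESSION['user'])) {
    login('zhangsan'); // constructed value; call only after credentials are verified
}
```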
Which is more secure: session or cookies?
Personally, I think the session is a little more secure, and I have a few observations below.
1. If sessions and cookies were equally safe, the two would not need to exist at the same time; cookies alone would do, letting the client share the server's burden, transparently to the user. Why not?
2. The session's session ID is stored in a cookie, so to break the session you first have to break the cookie. After breaking the cookie you still have to obtain the session ID, and a session ID only exists once someone has logged in or session_start() has been called; you do not know when someone will log in. Second, the session ID is encrypted; at the second session_start() the previous session ID is no longer of use, and when the session expires the session ID becomes invalid too, so breaking an encrypted session ID within a short period of time is difficult. A session is for a single communication and disappears when the conversation ends, whereas a real cookie exists in a text file on the client's hard disk. Which is safer is clear.
3. If sessions were so easily broken and so unsafe, I think most existing sites would not be safe.