Advantages and disadvantages of session cookie in php

Source: Internet
Author: User
Tags sessions

This article does not discuss session or cookie. Many websites now talk about cookie-based session. The advantages and disadvantages of cookie-based session are discussed below:


1. Reduce the pressure on the server. For example, PHP sessions are in the file storage format by default, which reduces the disk pressure and does not cause more fragments to the disk.
2. When you are working on a cluster, do you want to synchronize sessions? The cookie-based session will be removed.


1. The same user may log on to multiple locations, and you cannot determine who is a real and valid user.
2. session records are stored locally in the cookie and may be obtained by The hacer. Through anehta, the cookie can be persistent to make the logon status valid permanently. Of course, you can record the timestamp when recording the cookie, verify the validity period on the server.
Personal suggestion:
In terms of security, as long as the processing is proper, the session and cookie are almost the same. In addition, we also need to consider the storage capacity of cookies. It is best not to place cookies on important information such as user information or permission information.

Who is safer than session and cookie?

Personally, I think the session is safer. I have the following opinions.

1. If the session is as secure as the cookie, the two will not exist at the same time. As long as the cookie is ready, the client will be able to split the server burden, it is transparent to users. Why not.

2. The session sessionID is stored in the cookie. To break the session, the first thing to do is to break the cookie. After the cookie is broken, you need to get the sessionID. The sessionID is generated only when someone logs on or starts session_start. You do not know when someone will log on. Second, sessionID is encrypted. During the second session_start operation, the previous sessionID is useless, and the sessionid expires when the session expires, it is difficult to break the sessionID with a secret in a short time. Session is for a communication, and the session ends with the disappearance of the session, and the real cookie exists in a text file on the client's hard disk, who is obviously safe.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.