Comparison of Cookie and session usage in PHP

Source: Internet
Author: User

1. Cookie data is stored in the client's browser; session data is stored on the server.

2. Cookies are not very safe: others can analyze the cookies stored locally and carry out cookie spoofing. Where security matters, use sessions.

3. A session is kept on the server for a certain period of time. As traffic increases, sessions consume more of your server's performance; to reduce the load on the server, use cookies.

4. The limit for a single cookie on the client is 3K; that is, the cookies a site stores on the client cannot exceed 3K.

Example: cookies

1. For example, setcookie('user', 'Zhangsan', time() + 3600); sets a cookie named user with the value Zhangsan and a lifetime of 1 hour. Note that this function sends an HTTP header, just like PHP's header() redirect function, so there must be no output of any kind (including spaces) before it.

2. Use $_COOKIE['user'] to get the cookie value.

3. To delete the cookie: setcookie('user', '', time() - 3600); or setcookie('user');


To delete the client's session ID stored in a cookie:

    // Expire the cookie that carries the session ID, if the browser sent one
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 30, '/');
    }


Example: session

1. // Start the session

    session_start();

2. // Empty the session values

    $_SESSION = array();

3. // Completely destroy the session

    session_destroy();
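
The cookie and session calls above, combined into one login and logout flow. This is an added example, not code from the original article. The function names are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example; start_secure_session(), login_user() and logout_user()
// are hypothetical names. Requires PHP 7.3+ for the options-array forms.

function start_secure_session(): void
{
    // Must run before any output, like setcookie() and header().
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS (assumes the site uses TLS)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();
}

function login_user(string $user): void
{
    // Issue a fresh session ID at login so an ID captured earlier is useless.
    session_regenerate_id(true);
    $_SESSION['user'] = $user; // identity is kept server-side, not in a 'user' cookie
}

function logout_user(): void
{
    $_SESSION = array();       // empty the session values

    // Expire the session ID cookie with the same parameters it was set with,
    // otherwise the browser treats it as a different cookie and keeps the old one.
    if (isset($_COOKIE[session_name()])) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    session_destroy();         // remove the session data on the server
}
```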

Sessions and cookies: which is more secure?

Personally, I think the session is a little more secure, and I have a few observations below.

1. If sessions and cookies were equally safe, there would be no need for both to exist at the same time; cookies alone would do, letting the client share the server's burden while remaining transparent to the user. Why not?

2. The session's session ID is stored in a cookie, so to break a session you first have to break the cookie. After breaking the cookie, you still have to get the session ID, and a session ID only exists once someone has logged in or session_start() has been called; you do not know when someone will log in. Second, the session ID is encrypted; on the second session_start() the previous session ID is no longer of use, and when the session expires its session ID also becomes invalid, so breaking an encrypted session ID within a short period of time is difficult. A session is for a single communication and disappears when the conversation ends, whereas a real cookie exists on the client's hard disk in a text file; which one is safer is clear.

3. If sessions were so easily broken and so unsafe, I think most existing sites would not be safe.
