[nycphp-talk] Cookies as session database [was php scalability]
Analysis & Solutions
danielc at analysisandsolutions.com
Thu Aug 14 14:18:51 EDT 2003
On Thu, Aug 14, 2003 at 01:25:10PM -0400, George Webb wrote:
> As an offshoot of this topic, what does anyone think of using
> HTTP cookies as the session database?
> ... snip ...
> Of course some clients (web browsers/users) do not
> support HTTP cookies, for various reasons. So in that case,
> the server-side application could allow the conventional server-side
> session-hosting. Such a session mechanism would take effect
> only if the client failed to pass a basic HTTP cookie test.
On this last point, what if the user accepts some of your cookies, but
this population is small, it is out there.
More importantly, if you go this route, remember, cookies can be
altered/forged. Therefore, don't rely on cookies to tell you if the
person's session is valid and/or logged in.
FREE scripts that make web and database programming easier
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
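
The point above about altered or forged cookies, as an added example that is not part of the original post: if session data is kept in a cookie, the server can detect alteration by attaching an HMAC computed with a key that never leaves the server. The constant `SESSION_KEY`, the functions `seal_session()` and `open_session()`, and the `payload.tag` cookie layout are assumptions made for this illustration, written for PHP 7.1 or later.

```php
<?php
// Added example: names, key and cookie layout are assumptions, not from the post.
const SESSION_KEY = 'replace-with-long-random-server-side-secret'; // constructed placeholder

// Serialize session data and append an HMAC-SHA256 tag keyed with a server-only secret.
function seal_session(array $data, int $now, int $ttl = 1800): string
{
    $data['exp'] = $now + $ttl;                       // expiry is covered by the MAC
    $payload = base64_encode(json_encode($data));
    $tag = hash_hmac('sha256', $payload, SESSION_KEY);
    return $payload . '.' . $tag;
}

// Return the session array, or null if the cookie was altered, forged or expired.
function open_session(string $cookie, int $now): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, SESSION_KEY);
    if (!hash_equals($expected, $tag)) {              // constant-time comparison
        return null;
    }
    $decoded = base64_decode($payload, true);
    $data = $decoded === false ? null : json_decode($decoded, true);
    if (!is_array($data) || !isset($data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return $data;
}

// Constructed sample: the payload is edited client-side while the old tag is reused.
$now = 1060884000;
$cookie = seal_session(['user' => 'alice', 'logged_in' => true], $now);
[$payload, $tag] = explode('.', $cookie);
$edited = ['user' => 'admin', 'logged_in' => true, 'exp' => $now + 9999];
$forged = base64_encode(json_encode($edited)) . '.' . $tag;

var_dump(open_session($cookie, $now) !== null);   // genuine cookie, within its lifetime
var_dump(open_session($forged, $now));            // altered payload with a stale tag
var_dump(open_session($cookie, $now + 3600));     // genuine cookie, past its expiry
```

The tag only proves the server issued the value; the payload stays readable by the client, and a copied cookie remains valid until it expires, so logout or revocation still needs a server-side record.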