[nycphp-talk] Cookies as session database [was php scalability]

Analysis & Solutions danielc at
Thu Aug 14 14:18:51 EDT 2003

Hi George:

On Thu, Aug 14, 2003 at 01:25:10PM -0400, George Webb wrote:
> As an offshoot of this topic, what does anyone think of using
> HTTP cookies as the session database?
> ... snip ...
> 	Of course some clients (web browsers/users) do not
> support HTTP cookies, for various reasons.  So in that case,
> the server-side application could allow the conventional server-side
> session-hosting.  Such a session mechanism would take effect
> only if the client failed to pass a basic HTTP cookie test.

On this last point, what if the user accepts some of your cookies, but
then gets sick of your intense use of cookies and just gives up.  While
this population is small, it is out there.

More importantly, if you go this route, remember, cookies can be
altered/forged.  Therefore, don't rely on cookies to tell you if the
person's session is valid and/or logged in.



     FREE scripts that make web and database programming easier
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409

More information about the talk mailing list