If your application requires a login and a password I'd strongly recomend going the session rather than the cookie route for the following reasons.
1) You can destroy sessions after someone ends a transaction. For example if someone walks away for a few moments, you can destory a session and thereby force someone to log in again. With persistant cookies, you do not have this option.
2) Michael had mentioned the fact that users can change their privacy/cookie settings. By using persistant cookies you force yourself into either checking for the existance of cookies every time or by using the request scope (and thereby moving the cookie value into RAM, defeating the purpose of using pure persistant cookies). I'd also like to point out that some places mandate no session or persistant cookies -- something session variables can handle if you move CFID and CFTOKEN into the URL. <My experaince also tells me people purge cookies perodically... so this poor assumption.
3) Security. Sometimes, you might use a session variable to check against values in the database -- such as a customer profile. Going the cookie appraoch will force more stingent checks on your data than session varibles since the data comes from the client machine -- You will need to use the same QC techniques as you need for URL variables!
The reasons I bring up these two points is that you will need to create additional code to compensate for the fact that persistant cookies are remote and can be manipulated by the client. Result-- More CFIFs, CFTRYs/CFCATCHs and so on.
4) Finally, Let's do a thought expairment to see what conventional wisdom tells us.....
For a sturcture containing user information a persistant cookie requires a connection with local file system and then CF needs to parse out the information contained in the structure. Every time you call the cookie, you need to run through the same series of steps. Using session variables, that information is in server RAM or in a nearby database --much closer to the center of action.
What do you think would be faster- reading a file remotely or reading server RAM (or nearby database)? What does Flash do (since it is a fatter client side tehcnology -- see the Flex discussion from earlier this week for what others think)?
Jeremy
>In the case of this argument, let's assume that cookies are enabled for
>everyone. So we can eliminate those statements. This is purely an
>issue of how much does it hurt performance.
>
>Kevin
>
> _____
>
>From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
>Sent: Monday, April 05, 2004 1:48 PM
>To: CF-Talk
>Subject: RE: Cookies vs Session Variables
>
>Kaz, is this in regards to the conversation we had yesterday about
>company
>"x" choosing to use cookies over session vars because they "think" that
>session vars use too much memory?
>
>Let me start this conversation off with a quick question.... What If I
>disable cookies :-)
>
>Tell those networking guys to simmer down, no one is going to blow up a
>server with session variables or corrupt the PIX firewall... LOL
>
>Mike
>
>
>> Is there any performance gain to only using cookie variables
>> instead of using session variables? Is it worth the hassle?
>> Are session variables really that much of a server hog?
>>
>> Just curious to what others think.
>>
>> Kevin
> _____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
