I'm using PHP sessions for user tracking. My host provider's server is dropping session data. He swears it's my scripts and says I should be using cookies for better security. That goes completely opposite to my understanding, so I'd like to run it by you guys. Which is more secure: PHP sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm experiencing: I have a prepend file that executes start_session. The script assumes the user is a guest if $_SESSION["UserID"] is not set. All guests route to the login screen. Successful authentication sets $_SESSION["UserID"] and sends you to the original requested page. It seems fairly straight forward to me. People are able to login and start using the site, but the login screen displays randomly after they've already authenticated successfully. It sounds like PHP session data is being lost on the server. I've also seen error messages on web pages that report PHP / MySQL as having trouble reading from the temp directory. Here's the extact message: ERRORError writing file '/tmp/MYiYcf7q' (Errcode: 28). Anyway, those are the details. I look forward to hearing what you think. -Ed
