On Thu, 2006-04-13 at 18:58, tedd wrote:
> Not that you don't know -- because I'm sure you do -- but for the 
> benefit of others.
> 
> One example, each domain has a limit of cookies (20) and you can use 
> them up pretty quickly. However, if you place your data in an array, 
> you could then serialize the array and save it as one long string 
> (i.e., the cookie). Then you can read it back from the cookie and 
> un-serialize it back to the array.

Except for extremely rare cases you should never need more than 2
cookies for a domain. Rather than saving every data field into a cookie,
save a single unique ID into the user's cookie, and use that to look
into your database. Now you can store zillions of fields and any size
you want.

So that's one, what's the other? Well you can do a persistent cookie
also so that you can remember them when they return :)

If you're going to store data on the client's computer, you're going
to have to security check every piece of data you saved there before
every use. At least when the data is only linked by a unique key, you
only ever have to validate the unique key.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
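
The approach described in the reply above, as an added example that is not part of the original message or of InterJinn: the cookie carries only an opaque ID, and that ID is the single client-supplied value validated before the server-side lookup. The cookie name `sid`, the function names, and the in-memory array standing in for the database are assumptions.

```php
<?php
// Added example: the cookie holds only a random key; all fields stay server-side.

function new_session_id(): string
{
    // 128 bits from the CSPRNG, hex-encoded: unguessable and easy to validate.
    return bin2hex(random_bytes(16));
}

function load_user_data(array $cookies, array $store): ?array
{
    $id = $cookies['sid'] ?? null;   // 'sid' is a hypothetical cookie name

    // The key is the only thing the client controls, so this is the only
    // validation needed: type, exact length and alphabet, checked before
    // the value reaches any lookup or query.
    if (!is_string($id) || preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        return null;
    }

    // An unknown ID yields nothing. Fields such as 'is_admin' were never sent
    // to the browser, so they cannot be edited there.
    return $store[$id] ?? null;
}

// Constructed sample data; $store stands in for a database table keyed by ID.
$store = [];
$sid = new_session_id();
$store[$sid] = ['user' => 'alice', 'cart' => [101, 205], 'is_admin' => false];

var_dump(load_user_data(['sid' => $sid], $store));                 // valid key
var_dump(load_user_data(['sid' => 'not-a-valid-id'], $store));     // malformed key
var_dump(load_user_data(['sid' => str_repeat('0', 32)], $store));  // well-formed, unknown
var_dump(load_user_data(['sid' => ['x']], $store));                // array sent as sid[]=x
var_dump(load_user_data([], $store));                              // no cookie at all
```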
