--- Jean-Christian Imbeault <[EMAIL PROTECTED]> wrote:

> This now hands me a dilemma ... I was building my site
> conservatively, i.e. assuming the user would have
> cookies turned off. And so I am making heavy use of
> session variables. *But* I had thought that if the
> user had cookies enabled then the variables would be
> saved as cookie information, hence saving my server a
> lot of disk reads and writes.
>
> Now you have shown me the error of my ways ...
> 
> I have to consider rewriting my scripts so that if
> cookies *are* enabled the session information is sent
> as cookie data.

There are two reasons why you should not consider such a rewrite:

1. performance
2. security

You say you want to pass data as cookies to save your server the
latency of disk access. Think about that for a moment, and you will
see that it makes no sense. This is similar to making a decision to
store all of your data on a remote FTP server rather than your local
disk, thinking that this somehow saves you time. Regardless of how
much bandwidth your network has and how slow your disk is, there is
no way transmitting this data to/from the client across the Internet
is going to be faster than local disk access. Floppy access is
probably not even as slow as what you are considering.

A more important reason to avoid the rewrite you are considering is
security. A cookie is sent by the client. The client can be anyone
using your site. What if the client is trying to circumvent your
site's security in some way? Do you really want to trust everyone who
visits to be honest?

When you set a cookie, you are asking the client to send that cookie
(value unchanged of course) in future requests. There is nothing
aside from honesty that keeps a client from changing the cookie.

Also, cookies are intended as a mechanism for maintaining state. This
means that they are well-suited for helping you identify a client
(the Web browser). Session management requires a little bit more, and
this is where PHP sessions come into play. Cookies are a poor choice
for session management (state management + maintaining client data),
and this is what it seems like you are considering.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
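The point Chris makes above, as an added example that is not part of the original thread: the first pair of functions stores the user's identity and role in cookies and then trusts them, so any client can promote itself by editing the cookie; the second pair keeps the same data in $_SESSION and hands the client nothing but the opaque session id. The $users table, the credentials, and the function names are constructed for the demo; the ini settings and cookie parameters are real PHP session options (the array form of session_set_cookie_params needs PHP 7.3 or later).

```php
<?php
// Added example, not code from the original post. Contrasts keeping
// per-user data in cookies (client-controlled) with keeping it in a
// PHP session (server-side, keyed by an opaque id). The $users table,
// the "role" field and the function names are assumptions for the demo.

// Session cookie hygiene: only accept the id from a cookie (never the
// URL), reject ids the server never issued, keep the cookie away from
// script and off plain HTTP.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();   // reads or issues PHPSESSID; nothing else lives in that cookie

// Constructed stand-in for a user table.
$users = [
    'alice' => [
        'id'   => 42,
        'role' => 'user',
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ],
];

// --- Anti-pattern: the data round-trips through the client -------------
function login_with_cookies(array $users, string $name, string $pass): bool
{
    if (!isset($users[$name]) || !password_verify($pass, $users[$name]['hash'])) {
        return false;
    }
    setcookie('user_id', (string) $users[$name]['id']);
    setcookie('role', $users[$name]['role']);
    return true;
}

function is_admin_cookie(): bool
{
    // Everything in $_COOKIE was typed by the client. A request carrying
    //   Cookie: user_id=1; role=admin
    // passes this check without ever having logged in.
    return ($_COOKIE['role'] ?? '') === 'admin';
}

// --- Recommended: the data stays on the server, client holds only the id
function login_with_session(array $users, string $name, string $pass): bool
{
    if (!isset($users[$name]) || !password_verify($pass, $users[$name]['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh id on privilege change (anti-fixation)
    $_SESSION['user_id'] = $users[$name]['id'];
    $_SESSION['role']    = $users[$name]['role'];
    return true;
}

function is_admin_session(): bool
{
    // Written by the server and read by the server. The client can only
    // present a session id, and a guessed or forged id matches nothing
    // under use_strict_mode, so there is no value here to tamper with.
    return ($_SESSION['role'] ?? '') === 'admin';
}
```

The server-side version still does disk I/O (the default file handler writes $_SESSION at the end of every request), which is exactly the cost the original poster hoped to avoid; the cookie version avoids it only by moving the data to the one party who must not be allowed to edit it.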
