[PHP] Re: Opinion: PHP Sessions or Cookies
Ed Lazor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using PHP sessions for user tracking. My host provider's server is dropping session data. He swears it's my scripts and says I should be using cookies for better security. That goes completely opposite to my understanding, so I'd like to run it by you guys. Which is more secure: PHP sessions or cookies? In case you're curious, more details on the specifics of the problem I'm experiencing: I have a prepend file that executes start_session. The script assumes the user is a guest if $_SESSION[UserID] is not set. All guests route to the login screen. Successful authentication sets $_SESSION[UserID] and sends you to the original requested page. It seems fairly straight forward to me. People are able to login and start using the site, but the login screen displays randomly after they've already authenticated successfully. It sounds like PHP session data is being lost on the server. I've also seen error messages on web pages that report PHP / MySQL as having trouble reading from the temp directory. Here's the extact message: ERRORError writing file '/tmp/MYiYcf7q' (Errcode: 28). Hi Ed, have you tried storing your session data in a database? Storing session data in a database has some advances over the standard file based solution, mainly data security und comfort. For example, if you want to get the number of the active sessions just do a simple select count(*) from sessions. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Opinion: PHP Sessions or Cookies
I am using PHP sessions for my site. Have done the numbers and have to agree that although cookies make life easier for the developer the whole reason for cookies is to make life easier for the browser. We have to accept that not all users can interrogate a cookie download and verify if the site is safe, so sessions it is :) -- - Michael Mason Arras People www.arraspeople.co.uk - Ed Lazor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using PHP sessions for user tracking. My host provider's server is dropping session data. He swears it's my scripts and says I should be using cookies for better security. That goes completely opposite to my understanding, so I'd like to run it by you guys. Which is more secure: PHP sessions or cookies? In case you're curious, more details on the specifics of the problem I'm experiencing: I have a prepend file that executes start_session. The script assumes the user is a guest if $_SESSION[UserID] is not set. All guests route to the login screen. Successful authentication sets $_SESSION[UserID] and sends you to the original requested page. It seems fairly straight forward to me. People are able to login and start using the site, but the login screen displays randomly after they've already authenticated successfully. It sounds like PHP session data is being lost on the server. I've also seen error messages on web pages that report PHP / MySQL as having trouble reading from the temp directory. Here's the extact message: ERRORError writing file '/tmp/MYiYcf7q' (Errcode: 28). Anyway, those are the details. I look forward to hearing what you think. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Opinion: PHP Sessions or Cookies
..sessions are easier IMHO On Wed, 14 Jul 2004 16:40:33 +0100, Harlequin [EMAIL PROTECTED] wrote: I am using PHP sessions for my site. Have done the numbers and have to agree that although cookies make life easier for the developer the whole reason for cookies is to make life easier for the browser. We have to accept that not all users can interrogate a cookie download and verify if the site is safe, so sessions it is :) -- - Michael Mason Arras People www.arraspeople.co.uk - Ed Lazor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using PHP sessions for user tracking. My host provider's server is dropping session data. He swears it's my scripts and says I should be using cookies for better security. That goes completely opposite to my understanding, so I'd like to run it by you guys. Which is more secure: PHP sessions or cookies? In case you're curious, more details on the specifics of the problem I'm experiencing: I have a prepend file that executes start_session. The script assumes the user is a guest if $_SESSION[UserID] is not set. All guests route to the login screen. Successful authentication sets $_SESSION[UserID] and sends you to the original requested page. It seems fairly straight forward to me. People are able to login and start using the site, but the login screen displays randomly after they've already authenticated successfully. It sounds like PHP session data is being lost on the server. I've also seen error messages on web pages that report PHP / MySQL as having trouble reading from the temp directory. Here's the extact message: ERRORError writing file '/tmp/MYiYcf7q' (Errcode: 28). Anyway, those are the details. I look forward to hearing what you think. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php !DSPAM:40f55213116972033915540! -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Opinion: PHP Sessions or Cookies
-Original Message- have you tried storing your session data in a database? Storing session data in a database has some advances over the standard file based solution, mainly data security und comfort. For example, if you want to get the number of the active sessions just do a simple select count(*) from sessions. I'm not storing sessions into the database right now, but I have before and I'll probably do it again =) -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Opinion: PHP Sessions or Cookies
-Original Message- have you tried storing your session data in a database? Storing session data in a database has some advances over the standard file based solution, mainly data security und comfort. For example, if you want to get the number of the active sessions just do a simple select count(*) from sessions. I'm not storing sessions into the database right now, but I have before and I'll probably do it again =) I'm doing it with the help of PEAR::DB and PEAR::HTTP_Session - really simple! Are you interested in sample code? Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Opinion: PHP Sessions or Cookies
Sessions are the best thing to use, cookies are nice as a supplement. If you want your users to be able to auto-login cookies are just the thing to use, but apart from this cookies are not my favourite. Another thing is that many browsers nowaydays have turned cookies all off.. I remember a friend of mine did a supportsystem where the loggin system was pure cookies... Man - did their staff get a lot of support from people who didnt manage to logg into the system... As mentioned - this were users with cookies turned off As the other users mentioned, the /tmp folder might be out of space, however your provider might also have some custom setup on that server which screws up the /tmp folder here and there. I know for a fact one large provider here in Norway who has this problem on one of their servers due to a heavy site which from time to time sucks up resources resulting in the /tmp folder getting messed up. If you still havnt solved your problem, get your provider to move you to another of his servers (physically!), or change provider. You shouldnt be having theese problems. -- -- Kim Steinhaug - There are 10 types of people when it comes to binary numbers: those who understand them, and those who don't. - www.steinhaug.com - www.easywebshop.no - www.easycms.no www.webkitpro.com - Ed Lazor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using PHP sessions for user tracking. My host provider's server is dropping session data. He swears it's my scripts and says I should be using cookies for better security. That goes completely opposite to my understanding, so I'd like to run it by you guys. Which is more secure: PHP sessions or cookies? In case you're curious, more details on the specifics of the problem I'm experiencing: I have a prepend file that executes start_session. The script assumes the user is a guest if $_SESSION[UserID] is not set. All guests route to the login screen. Successful authentication sets $_SESSION[UserID] and sends you to the original requested page. It seems fairly straight forward to me. People are able to login and start using the site, but the login screen displays randomly after they've already authenticated successfully. It sounds like PHP session data is being lost on the server. I've also seen error messages on web pages that report PHP / MySQL as having trouble reading from the temp directory. Here's the extact message: ERRORError writing file '/tmp/MYiYcf7q' (Errcode: 28). Anyway, those are the details. I look forward to hearing what you think. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php