My daily readings 10/14/2013

    • also to be noted, session data is lost if the web server is restarted
    • @Ben, not always true. PHP uses files to persist sessions and they are therefore resistant to a restart (as is a db store). Generally you only lose session data when it is persisted in memory and/or you are using an application server (Glassfish etc.).
    • @Ben: Technically you can have persistent sessions as well. You can have sessions stored in a database, or on the filesystem, for example. In fact some applications require persistent sessions to keep audit trails of who had access to the application resources.
    • Cookies are client-side, sessions are server-side. Use cookies for small pieces of data that you can trust the user with (like font settings, site theme, etc.) and for opaque IDs for server-side data (such as session ID). Expect that these data can be lost at any time and they cannot be trusted (i.e. they need to be sanitized). Use session data for bigger data chunks (many systems can store objects, data structures, etc.) and ones you have to trust – like authorization status, etc. In general, use session data for storing larger state data.


      You can store things like authorization status in cookies too, if it’s needed for GUI, caching, etc. – but never trust it and never rely on it being present. Cookies are easy to delete and easy to fake. Session data is much harder to fake, since your app controls it.
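The comments above make two points worth seeing in code: an opaque session ID in a cookie points at server-controlled state, while any claim the client puts in a cookie (such as an "authorized" flag) can be forged; and an in-memory session store loses everything on restart. The following is an added example, not code from the original page or any of the commenters; the store, cookie names and helper functions are assumptions made for illustration, and the cookie headers it parses are constructed samples.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory session store: opaque session ID -> server-side data.
# This stands in for PHP's file store, a DB table, or an app server's memory.
SESSION_STORE = {}


def create_session(user, authorized):
    """Create server-side session state and return the opaque ID for the cookie."""
    sid = secrets.token_urlsafe(32)  # random, unguessable, carries no data itself
    SESSION_STORE[sid] = {"user": user, "authorized": bool(authorized)}
    return sid


def set_session_cookie(sid):
    """Build the Set-Cookie value: only the ID goes to the client, with hardening flags."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable by page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
    return cookie.output(header="").strip()


def parse_cookie_header(header):
    """Parse a raw Cookie request header into a plain dict of name -> value."""
    cookie = SimpleCookie()
    cookie.load(header)
    return {name: morsel.value for name, morsel in cookie.items()}


def is_authorized(cookie_header):
    """Correct pattern: authorization comes from server-side session data.

    The cookie is only used to look up the session; a missing or unknown ID
    simply yields an unauthenticated request.
    """
    sid = parse_cookie_header(cookie_header).get("sid")
    session = SESSION_STORE.get(sid)
    if session is None:
        return False
    return session["authorized"]


def naive_is_authorized(cookie_header):
    """Anti-pattern: trusting an 'authorized' flag supplied by the client.

    Anyone can add or edit this cookie, so the check is bypassable. Shown
    here only to contrast with is_authorized().
    """
    return parse_cookie_header(cookie_header).get("authorized") == "1"


def restart_in_memory_server():
    """Simulate a restart of a server whose sessions live only in memory."""
    SESSION_STORE.clear()


if __name__ == "__main__":
    sid = create_session("alice", authorized=False)
    print("Set-Cookie:", set_session_cookie(sid))
    forged = "sid=%s; authorized=1" % sid
    print("naive check on forged cookie:", naive_is_authorized(forged))   # True
    print("session check on forged cookie:", is_authorized(forged))       # False
    restart_in_memory_server()
    print("after in-memory restart:", is_authorized("sid=%s" % sid))      # False
```

The `naive_is_authorized` branch is the behaviour the comment warns against: the flag lives client-side, so the server has no way to tell a genuine value from a forged one. `is_authorized` never reads anything from the cookie except the ID, and the ID only works if the server created it. `restart_in_memory_server` illustrates the first two bullets: with a memory-only store every valid ID becomes unknown after a restart, which is exactly what a file or database store avoids.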

Posted from Diigo. The rest of my favorite links are here.
