Cookies or Sessions? Which is more secure? - CodingForum



Cookies or Sessions? Which is more secure?


  • Cookies or Sessions? Which is more secure?


    I am writing a registration/login script. I am wondering about this subject, because I have heard people saying the cookies are more secure. Is this true? Should I only trust cookies like some tutorials say? What's insecure in sessions? I have now session login, but I will change it if it's not secure. There's nothing wrong with my script, it's secure but I'm not sure about the session method, what do you think?

    Thank you for your replies, greatly appreciated!
    PHP 5 & MySQL 5 (Y)

  • #2
    By default PHP will normally use cookies for sessions, but if the client doesn't accept cookies then it will fall back to using $_GET to send the session ID to the browser. This exposes the session ID in the URL and can increase the risk of a session fixation attack.

    You can force PHP to only use cookies with sessions, which should result in security comparable with the cookie way of doing things. Check the PHP manual pages on sessions for more information.
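
The cookie-only session setup that post #2 refers to, combined with a session ID change at login to counter fixation, as an added example that is not part of the original thread. The function names `start_cookie_only_session` and `on_login_success` are hypothetical, and the user id is a constructed value.

```php
<?php
// Added example: helper names below are hypothetical, not from the thread.

function start_cookie_only_session()
{
    // These must be set before session_start() is called.
    ini_set('session.use_cookies', '1');       // carry the session ID in a cookie
    ini_set('session.use_only_cookies', '1');  // ignore session IDs passed in the URL
    ini_set('session.use_trans_sid', '0');     // never rewrite links to append the session ID
    ini_set('session.cookie_httponly', '1');   // hide the cookie from JavaScript (PHP 5.2+)

    // Mark the cookie HTTPS-only when the current request arrived over HTTPS.
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        ini_set('session.cookie_secure', '1');
    }

    session_start();
}

function on_login_success($userId)
{
    // Issue a fresh session ID at the moment privileges change and delete
    // the old session data, so an ID planted before login stops working.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_cookie_only_session();

// Assumption: the credential check happens elsewhere; 42 is a constructed user id.
$credentialsOk = false; // replace with the result of the real check
if ($credentialsOk) {
    on_login_success(42);
}
```

The same directives can be set once in php.ini instead of per request, which also covers scripts that call `session_start()` directly.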


    • #3
      Exactly the same question:
      I'm not sure if this was any help, but I hope it didn't make you stupider.

      Experience is something you get just after you really need it.
      PHP Installation Guide Feedback welcome.