- Stored on the client computer and are thus decentralized.
- Can be set to a long lifespan and/or set to expire after a period of time from seconds to years.
- They work well with large sites that may use several webservers.
- Won’t do you any good if the client has set their browser to disable cookies.
- Limitations on size and number: a browser can keep only the last 20 cookies sent from a particular domain, and the values that a cookie can hold are limited to 4 KB in size.
- Can be edited beyond your control since they reside on the client system.
- Information set in the cookie is not available until the page is reloaded.
- Server-side cookies can store very large amounts of data, while regular cookies are limited in size.
- Since the client-side cookie generated by a session only contains the id reference (a random string of 32 hexadecimal digits, such as ‘fca17f071bbg9bf7f85ca281653499a4’, called a ‘session id’), you save on bandwidth.
- Much more secure than regular cookies since the data is stored on the server and cannot be edited by the user.
- Only last until the user closes their browser.
- Won’t work if the client has cookies disabled in their browser unless some extra measures are taken (example below).
- Can be easily customized to store the information created in the session to a database.
- Information is available in your code as soon as it is set.
How to use Sessions when Cookies are Disabled

If cookies are disabled you must use a different method to pass the session id. A popular method is to pass it in the querystring and then process it in the subsequent page using $_GET, like so:
Then use the following in the loading page to retrieve the session id:
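The two steps above (passing the id in the querystring, then reading it back with $_GET) as an added PHP example, not code from the original page; the `sid` parameter name and `page2.php` are assumptions. Because an id taken from a URL is chosen by whoever built the link, the example checks its format and turns on strict mode before using it.

```php
<?php
// Added example (not from the original page). "sid" and page2.php are
// hypothetical names chosen for illustration.

// Let the id arrive outside a cookie; PHP accepts cookies only by default.
ini_set('session.use_only_cookies', '0');
// Strict mode: an id that does not match an existing session is discarded
// and replaced with a fresh one, so a visitor cannot be handed an id that
// somebody else picked (session fixation).
ini_set('session.use_strict_mode', '1');

/** Resume the session named in the querystring, or start a new one. */
function start_session_from_query(array $query): void
{
    $sid = $query['sid'] ?? '';
    // Characters allowed by PHP's default file session handler; anything
    // else is ignored and a new session is started instead.
    if (is_string($sid) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sid)) {
        session_id($sid);
    }
    session_start();
}

/** Build an HTML-safe link that carries the current session id. */
function link_with_sid(string $page): string
{
    $url = $page . '?' . http_build_query(['sid' => session_id()]);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// --- On every page ---------------------------------------------------
start_session_from_query($_GET);

// Data set here is readable on the next page once the id is passed along.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

echo '<p>Visits this session: ' . (int) $_SESSION['visits'] . '</p>';
echo '<a href="' . link_with_sid('page2.php') . '">Next page</a>';
```

An id carried in the URL ends up in browser history, server logs and Referer headers, so call `session_regenerate_id(true)` when the user logs in and keep session lifetimes short.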