Thursday, 6 September 2012


  • Stored on the client computer and are thus decentralized.
  • Can be set to a long lifespan and/or set to expire after a period of time from seconds to years.
  • They work well with large sites that may use several webservers.
  • Won’t do you any good if the client has set their browser to disable cookies.    
  • Limitations on size and number: a browser can keep only the last 20 cookies sent from a particular domain, and the values that a cookie can hold are limited to 4 KB in size.
  • Can be edited beyond your control since they reside on the client system.
  • Information set in the cookie is not available until the page is reloaded.

  • Server-side cookies can store very large amounts of data, while regular cookies are limited in size.
  • Since the client-side cookie generated by a session only contains the id reference (a random string of 32 hexadecimal digits, such as ‘fca17f071bbg9bf7f85ca281653499a4’, called a ‘session id’), you save on bandwidth.
  • Much more secure than regular cookies since the data is stored on the server and cannot be edited by the user.
  • Only last until the user closes their browser.
  • Won’t work if client has cookies disabled in their browser unless some extra measures are taken (example below).
  • Can be easily customized to store the information created in the session to a database. 
  • Information is available in your code as soon as it is set.

How to use Sessions when Cookies are Disabled

If cookies are disabled, you must use a different method to pass the session id. A popular method is to pass it in the query string and then read it on the subsequent page using $_GET, like so:

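session_start(); // session_id() is empty until a session has been started
echo '<a href="nextpage.php?PHPSESSID=' . urlencode(session_id()) . '">Next page</a>'; // nextpage.php and the link text are placeholders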

Then use the following in the loading page to retrieve the session id:

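echo htmlspecialchars($_GET['PHPSESSID'] ?? '', ENT_QUOTES, 'UTF-8'); // client-controlled value, so escape it before output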
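
The query-string approach above, as an added example that is not part of the original post: PHP reads PHPSESSID from the URL itself, accepts only ids the server issued, issues a fresh id at login, and keeps the id out of Referer headers. The function names and nextpage.php are hypothetical, and PHP 8.4 deprecates turning session.use_only_cookies off.

```php
<?php
// Added example: cookie-less sessions with the id in the URL, hardened
// against session fixation and id leakage. All function names are hypothetical.

function start_url_session(): void
{
    // Reject ids this server never issued (a planted id gets replaced).
    ini_set('session.use_strict_mode', '1');
    // Cookie-less client, as in the post: do not send or read a session cookie.
    ini_set('session.use_cookies', '0');
    // Let PHP pick up PHPSESSID from the query string on its own.
    ini_set('session.use_only_cookies', '0');
    // URLs carrying the id must not travel to other sites in the Referer header.
    header('Referrer-Policy: no-referrer');
    session_start();
}

function on_login(string $user): void
{
    // Fresh id at the privilege change: an id that leaked through a shared
    // link, a proxy log or browser history before login stops being valid.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function link_with_sid(string $path, string $label): string
{
    // session_name() is 'PHPSESSID' unless configured otherwise.
    $url = $path . '?' . http_build_query([session_name() => session_id()]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

start_url_session();
// After credentials have been verified elsewhere: on_login($verifiedUser);
echo link_with_sid('nextpage.php', 'Next page'); // nextpage.php is a placeholder
```

Every internal link has to be built through link_with_sid() after on_login() has run, otherwise the page hands out the old, already destroyed id.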
