Posted by Dikkie Dik on 01/27/07 15:28
> Is there any particular reason I should still use $_POST?
>
> Also, I'm reading mixed things about sessions. php.net says you can
> propagate session IDs either via cookies or session IDs:
> http://www.php.net/manual/en/ref.session.php#session.idpassing
>...
> Can someone please explain what the session ID does?

Let me summarize and extend the answers a bit:

You use $_POST, $_GET, or $_REQUEST for communication with the client.
For instance, if a user provides a login and a password, they come in
through $_POST (I hope).

You use $_SESSION for everything that is client-related, but should
remain on the server. For instance, all database IDs. If you keep the
UserID after a successful login, store it in a (new!) session and do not
put it in a hidden field. A hidden field is easily altered, which means
that after a successful login, you could simply "log over" to any other
user!

The session ID is something like a ticket with a number you get when
using the wardrobe of a theater. You get a piece of the theater's
storage space to put your personal belongings in, without the wardrobe
people knowing who you are. The only link between you and this temporarily
assigned space is the number on your ticket. So a session ID is a way of
anonymizing personally assigned space on the server.

Best regards.
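
The rule from the post above, as an added PHP example that is not part of the original post: on a successful login the user ID is written into a session with a freshly issued ID, and later requests read it from $_SESSION, never from a hidden form field. The sample account, the field names `login`, `password` and `user_id`, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample account store; a real application would query its database.
function users(): array
{
    return ['alice' => ['id' => 17, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
}

// Credentials arrive from the client through $_POST; the resulting ID stays on the server.
function login(string $name, string $password): bool
{
    $user = users()[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // The "(new!) session": issue a fresh session ID and delete the old one,
    // so an ID the browser held before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    return true;
}

// The only source of identity on later requests.
function currentUserId(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

session_start();

$name = $_POST['login'] ?? null;
$pass = $_POST['password'] ?? null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($name) && is_string($pass)) {
    login($name, $pass);
}

// Pattern the post warns against, kept as a comment for contrast:
//   <input type="hidden" name="user_id" value="17">
//   $userId = (int) $_POST['user_id'];   // the client can submit any number here
$userId = currentUserId();

echo $userId === null ? "Not logged in\n" : "Logged in as user #{$userId}\n";
```

The browser only ever holds the session ID (the wardrobe ticket); a `user_id` value posted by the client is ignored because nothing reads it.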