Reply to Re: To session or not to session

Posted by Skrol 29 on 04/06/05 02:43

Hi,

The SESSION feature cannot be compared to POST and GET.

POST and GET are methods to transfer data from the client to the server.
SESSION is a method to keep the server in touch with the client, like
COOKIES.
A SESSION works with an ID saved in a cookie, or recalled in the URL. The
value of the session's ID has no sense for a hacker who reads it. That's why
SESSIONS are more secure than COOKIES for authentication.

I prefer POST to GET to have a better user interface. I think long or
understandable URLs are ugly.
But I use the GET syntax for pages that should be called simply by direct
links (from another site, for example).
The problem with POST is when the user clicks on "Reload", but there are
workarounds.

I also prefer COOKIES to SESSIONS for common applications, this is just a
habit and it enables users to not authenticate each time they come to the
site. But I use SESSIONS when the application has to be more seriously
secured.

I hope this helped,
-------------------
Skrol 29
www.tinybutstrong.com
-------------------

<mailings@vlaamse-kern.com> wrote in message news:
200504052324.56668.mailings@vlaamse-kern.com...
> Hi all
>
> I have been doing all my design by using POST to transfer user data and
> GET
> for user changeable variables.
>
> I would like to know what you guys think of using SESSION in production
> sites.
>
> Right now I am giving a trust factor of 80% to POST and 0% on GET. What
> trust
> factor should I apply to SESSION?
>
> Should I implement a SESSIONless feature in case SESSION is not available?
>
> I know the way to php.net for documentation but I'd like advice/opinions of
> real people.
>
> Thanks
>
> Andy Pieters
>
> --
> Registered Linux User Number 379093
> --
> Feel free to check out these few
> php utilities that I released under the GPL2 and
> that are meant for use with a php cli binary:
> http://www.vlaamse-kern.com/sas/
> --
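
The reply above describes a session as an ID kept in a cookie or carried in the URL. The following PHP login is an added example, not code from the thread: it keeps the identity in server-side session data and accepts the ID from a cookie only. The function names and the sample account are assumptions, the site is assumed to run over HTTPS, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
declare(strict_types=1);

// Constructed account list; a real site would read hashes from its database.
function sample_users(): array
{
    return ['andy' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

function start_auth_session(): void
{
    // The ID is the only thing the client holds, so keep it out of URLs
    // (Referer headers, logs, bookmarks) and accept it from the cookie only.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,        // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $name, string $password): bool
{
    $users = sample_users();
    // Verify against a dummy hash for unknown names so both paths cost the same.
    $hash = $users[$name] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if (!password_verify($password, $hash) || !isset($users[$name])) {
        return false;
    }
    // New ID at the privilege change; the pre-login ID stops working.
    session_regenerate_id(true);
    // Identity is stored server-side; the cookie never contains it.
    $_SESSION['user'] = $name;
    return true;
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;
}
```

Call start_auth_session() before any output on every request, then login() from the form handler and current_user() wherever a page needs to know who is signed in.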
