Posted by Skrol 29 on 04/06/05 02:43
Hi,
The SESSION feature cannot be compared to POST and GET.
POST and GET are methods to transfer data from the client to the server.
SESSION is a method to keep the server in touch with the client, like
COOKIES.
A SESSION works with an ID saved in a cookie, or recalled in the URL. The
value of the session's ID has no sense for a hacker who reads it. That's why
SESSIONS are more secure than COOKIES for authentication.
I prefer POST to GET to have a better user interface. I think long or
understandable URLs are ugly.
But I use the GET syntax for pages that should be called simply by direct
links (from another site for example).
The problem with POST is when the user clicks on "Reload", but there are
workarounds.
I also prefer COOKIES to SESSIONS for common applications, this is just a
habit and it enables users to not authenticate each time they come to the
site. But I use SESSIONS when the application has to be more seriously
secured.
I hope this helped,
-------------------
Skrol 29
www.tinybutstrong.com
-------------------
<mailings@vlaamse-kern.com> wrote in message news:
200504052324.56668.mailings@vlaamse-kern.com...
> Hi all
>
> I have been doing all my design by using POST to transfer user data and
> GET for user changeable variables.
>
> I would like to know what you guys think of using SESSION in production
> sites.
>
> Right now I am giving a trust factor of 80% to POST and 0% on GET. What
> trust factor should I apply to SESSION?
>
> Should I implement a SESSIONless feature in case SESSION is not available?
>
> I know the way to php.net for documentation but I'd like advice/opinions of
> real people.
>
> Thanks
>
> Andy Pieters
>
> --
> Registered Linux User Number 379093
> --
> Feel free to check out these few
> php utilities that I released under the GPL2 and
> that are meant for use with a php cli binary:
> http://www.vlaamse-kern.com/sas/
> --
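
An added example, not part of either poster's message: a small PHP login handler that keeps the authenticated identity in the server-side session, carries only the session ID in a cookie (never in the URL), and treats cookie and POST values as client input. The account, the file name index.php and the `user` cookie are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.3 or later.
// Save as index.php and serve with: php -S 127.0.0.1:8000
// Constructed sample account: user "alice", password "correct horse".
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Keep the session ID in a cookie only, never in the URL, and refuse
// IDs that this server did not issue.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params([
    'httponly' => true,                       // not readable from page scripts
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),  // HTTPS-only when served over TLS
]);
session_start();

// Weak pattern, shown for contrast: identity read from a cookie value.
// The client chooses this value itself, so it proves nothing.
$cookieClaim = isset($_COOKIE['user']);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // POST data is client input as well: check type and credentials first.
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    if (isset($users[$name]) && password_verify($pass, $users[$name])) {
        session_regenerate_id(true);  // fresh ID after the privilege change
        $_SESSION['user'] = $name;    // stored on the server, not in the cookie
    }
    // Redirect after POST so that "Reload" does not resubmit the form.
    header('Location: /', true, 303);
    exit;
}

header('Content-Type: text/plain; charset=utf-8');
echo 'cookie claims a user: ', $cookieClaim ? 'yes (ignored)' : 'no', "\n";
echo 'session user: ', $_SESSION['user'] ?? '(not logged in)', "\n";
```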