Wednesday, April 22, 2009

Basics of Session and Cookies

We know that Webpages are getting displayed using stateless Protocol.
So there should be someway for keeping the session of the user navigating the webpages within a website.

Session variables and Cookie variables can be used for this purpose.
Basically Session variables are maintained by webserver. (i-e)Physically the value of any Session variable will be written to a file located in the web server.

In php, we can set/use the session variable using $_SESSION. Say for example, if we need to put the user email (e.g $email) in session, we can use it as $_SESSION['email'] whose value should be set as $_SESSION['email']=$email.

Whenever assigning this session variable, a file will be written to the web server at location specified by session_path variable in php.ini file.

Suppose 1000 users are using your website, there will be 1000 files created for storing one session variable.

So it will become a big memory issue if you are not managing the session properly. (i-e) we should unset the session variables during logout. Appropriate session timeout value should be specified to enable automatic expiration of the session if the user forgets to logout. And also we need to take additional care to manage session if security is more important for your website.

Or alternatively we can use cookie variables which are stored by the web browser in the users machine. As the cookie variables are stored in the client machine, it can be available till it gets deleted either by browser setting, or by the code or by the user manually.

Since cookie variables can live even after closing the browser session, it can be very useful for improving user experience. (i-e) Lot of data related to user preferences can be stored in the cookie. So whenever the same user logs in, his previous settings can be applied automatically by using these cookie values. For example if the user allows the website to store his password in cookie variable, he can log in to the website without typing his password again.

In php, cookie variables can be set using setcookies function.
But anyway, privacy is important for you, you can restrict the cookies by changing the browser settings.
More Articles...

No comments:

Search This Blog