Do sites like Facebook keep users logged in with cookies or sessions?

Do websites like Facebook keep track of logged-in users in cookies (client side) or in sessions (server side)? My tests show that they do the first.

+7
4 answers

As a rule, confidential information, for example which user is currently logged in, should be stored on the server side. Remember that cookies can be freely read and modified by the user.

What you are likely seeing is a session cookie that associates a particular client with a specific session on the server; this means the server knows which session to use for you. In this case the only thing the cookie contains is a long random session identifier. It is long and random so that an attacker cannot easily guess it.

The act of stealing another user's session cookie is called session hijacking.

Additional Information:

+12

I think the idea of $_sessions is that the server processes its own information faster, rather than receiving mass information from the client.

Look at it like this:

You (the server) and a friend (the client) are gossiping about another friend, Cindy. Does your friend share every piece of information about her with you (hair color, height, etc.)? No, that would be a waste of time. It is much faster for you to process the information you already know about Cindy (in the $_session file, on the server side) and receive only the unique information ( $_cookies ) from your friend (the client).

Effectively: "Hey, did you hear what Cindy did last night?"

NOT effective: "Hey, did you hear that Cindy, who has brown hair, blue eyes, a medium build, etc ..., did last night?"

Obviously, this does not fully summarize $_sessions and $_cookies , but it may help someone to understand effective short-term data management.

+4

They use server-side sessions with the cookie.

The cookie contains an identifier; this identifier is sent to Facebook, and the server looks up the details of the session with this identifier.

+2
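The mechanism described in the first and third answers (an opaque random id in the cookie, everything else looked up in a server-side store), written out as an added example; this is not code from the thread or from Facebook. The names SessionStore, current_user, the cookie name "session" and the one-hour lifetime are this example's own choices, and the in-memory dict stands in for whatever store (Redis, a database) a real site would use. The insecure variant that trusts a user_id stored in the cookie is included only to show why the forgeable approach fails.

```python
"""Server-side session store keyed by a random session id carried in a cookie.

Added example (not code from the original thread). Names such as
SessionStore, current_user and the cookie name "session" are the
example's own choices; the dict stands in for a real session store.
"""
import secrets
import time

SESSION_ID_BYTES = 32          # 256 bits of randomness: infeasible to guess
SESSION_TTL_SECONDS = 3600     # sessions expire server-side after an hour
COOKIE_NAME = "session"


class SessionStore:
    """In-memory stand-in for the server-side store (Redis, a database, ...)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user_id, now=None):
        """Start a session for user_id; return the opaque id to put in the cookie."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[session_id] = {
            "user_id": user_id,
            "expires": now + SESSION_TTL_SECONDS,
        }
        return session_id

    def lookup(self, session_id, now=None):
        """Return the session dict for a valid, unexpired id, else None."""
        now = time.time() if now is None else now
        session = self._sessions.get(session_id)
        if session is None:
            return None
        if now >= session["expires"]:
            del self._sessions[session_id]   # lazily drop expired sessions
            return None
        return session

    def destroy(self, session_id):
        """Logout: forget the session so a stolen cookie value becomes useless."""
        self._sessions.pop(session_id, None)


def set_cookie_header(session_id):
    """Value for the Set-Cookie response header that hands the id to the client.
    HttpOnly keeps page scripts from reading it, Secure keeps it off plain HTTP,
    SameSite=Lax limits cross-site sending; all three narrow hijacking routes."""
    return (f"{COOKIE_NAME}={session_id}; HttpOnly; Secure; SameSite=Lax; "
            f"Path=/; Max-Age={SESSION_TTL_SECONDS}")


def parse_cookie_header(header):
    """Parse a request Cookie header ('a=1; b=2') into a dict."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def current_user(store, cookie_header, now=None):
    """Server-side pattern: the cookie only names a session; identity comes
    from the store. A forged or guessed id finds nothing and yields None."""
    session_id = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    if session_id is None:
        return None
    session = store.lookup(session_id, now=now)
    return None if session is None else session["user_id"]


def insecure_current_user(cookie_header):
    """Anti-pattern for contrast: trusting identity stored in the cookie itself.
    The client can edit 'user_id' to any value and the server believes it."""
    value = parse_cookie_header(cookie_header).get("user_id")
    return int(value) if value is not None and value.isdigit() else None


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create(42)                                           # login as user 42
    print(set_cookie_header(sid))
    print(current_user(store, f"theme=dark; {COOKIE_NAME}={sid}"))   # 42
    print(current_user(store, f"{COOKIE_NAME}={'A' * 43}"))          # None: unknown id
    store.destroy(sid)
    print(current_user(store, f"{COOKIE_NAME}={sid}"))               # None: logged out
```

The point of the contrast is that with `current_user` the cookie value is only a lookup key, so editing it produces "no session" rather than "a different user", while `insecure_current_user` lets anyone become user 1 by editing a cookie. Expiry and logout are enforced by the store, so a copied cookie stops working when the server forgets the session.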

They try to use sessions and then store some information in cookies; for example, user_id logs in with session_id = ... and then the session is checked for that session_id to see whether the user is logged in at all. I think this is a waste of resources. In my opinion, I store important information in sessions and a lot of information in cookies.

0
