Geek Answers Handbook

Get or Session?

I have a login form which is located in login.php. after authorization, i moove client to some.php file! so of the following two methods, which is better?

  • I can send information aboud user id etc GET
  • I can use SESSION - s for this

which is more preferable?

and two words about why I ask this question. I hear somewhere that SESSION not a good software method, and he did not suggest using them in such situations ...

thanks

+6
php get session
source share
8 answers

Sessions are indeed the preferred solution. You cannot trust the data sent to querystring ($ _GET, $ _POST, $ _COOKIE, etc.), because all of them can be changed by the user, but you can trust that no one has faked the data of $ _SESSION, because $ _SESSION stored on the server.

+7
source share

There is nothing wrong with sessions. In fact, in this situation, I would save the user ID in the session, rather than passing its URL. It will be much cleaner and more professional, IMHO. Saving trivial information in a session is in order.

+1
source share

$_SESSION may have its drawbacks, but using $_GET for this kind of thing is even worse.

+1
source share

If I understand the question correctly, then no one. Use POST instead, and then create a SESSION at login.

Let's say the user comes to index.php , where the login form is. He fills in the information and clicks "login". You send data to login.php using POST . If the username, password and any other information is correct, you create SESSION and redirect the user to another location.

+1
source share

I would use SESSION if you want to keep some information based on the success of authentication. Data in GET, POST variables is too easy to manipulate.

0
source share

If you need to decide between $ _SESSION and $ _GET, then for safe stuff use $ _SESSION. Everything that the user can do with the sessions destroys them (by deleting the PHPSESSID cookie), but the user cannot manipulate them.

If you need to pass the information once, $ _SESSION is very good. You can save some data in the $ _SESSION variable, change the location via PHP (so that the user cannot block the script by disabling JavaScript. Just use header('Location: '.$path); ), use the contents of $ _SESSION on another page and the user will not has a time interval when it can destroy a session. It's safe.

0
source share

The safest way is to use SESSIONS, because this means that only the token identifier is stored on the client side, and all the data represented by the token identifier is stored on the server. In addition, you can set the expiration time for sessions, which will make it safer.

0
source share

SESSION is the best solution. Which makes it safer. Unable to change any of its data.

0
source share

More articles:


All Articles