User identification
ZaxapKramer, 2016-04-25 13:03:46

What is better to use for authentication: sessions or cookies?

What is better to use for authentication?
When using sessions, data is stored in temporary files on the server - hence the extra load, and if there are too many users, sessions with a relatively long storage period will start to crash (they will crash anyway). Cookie files are stored on the computer, in the browser, which should be a plus in terms of performance.
Phalcon has the ability to use Memcache or Redis to store sessions, but what are the pros and/or cons over cookies?
Yes, I read a lot about how sessions are safer. Cookies are stored in the clear, but with proper implementation of cookies, there should be no gaps. Sessions, on the other hand, are attracted by the lack of entries in the browser (unlike cookies) and are repelled by the presence of the same records on the server (this is both a plus and a minus, as with cookies).
Help with the choice, please.


2 answer(s)
VZVZ, 2016-04-25
@ZaxapKramer

I somehow did not study authorization, but somehow I do not see any logical difference between sessions and cookies.
Firstly, are there sessions without cookies?
Secondly, if cookies (for example, a token is stored in cookies - for example) are stored ONLY on the client, then how will the server check whether the client is using the correct token, and from which account (user) is this token? So, again, the token must be stored on the server, either in the database or in files, possibly with the use of Redis ...
In short, in my opinion, sessions are just a special case of a cookie-based solution.
UPD: and the very question "which is better" is initially absurd. It seems obvious that since there are 2 tools for the same task, it means that one is better for some cases, the other for others. And without specifying the task, it is impossible to answer "which is better".

@gugozoha, 2016-04-25

Yes, I've read a lot about sessions being safer. Cookies are stored in the clear, but with proper implementation of cookies, there should be no gaps. Sessions, on the other hand, are attracted by the absence of entries in the browser (unlike cookies) and repelled by the presence of the same entries on the server (this is both a plus and a minus, as with cookies).

Stop doing drugs. How do you think the session id is passed when cookies are disabled?
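
An added example, not part of the thread or of Phalcon's code: the two designs the question and both answers are comparing, a server-side session whose cookie holds only a random id, and a cookie that holds the data itself and is protected by an HMAC. It is written in Python to keep it short; the store, key, cookie layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed; a real key lives in server config
SESSION_STORE = {}                    # stands in for files, Memcache or Redis


def start_session(user):
    """Server-side session: the cookie value is only an unguessable id."""
    sid = secrets.token_urlsafe(32)
    SESSION_STORE[sid] = {"user": user}
    return sid


def user_from_session(cookie):
    record = SESSION_STORE.get(cookie)
    return record["user"] if record else None


def end_session(cookie):
    SESSION_STORE.pop(cookie, None)  # logout or revocation is a server-side delete


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed_cookie(user, ttl=3600, now=None):
    """Client-side state: readable data plus expiry, made tamper-evident by an HMAC."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expires}"
    return f"{payload}.{_tag(payload)}"


def user_from_signed_cookie(cookie, now=None):
    payload, sep, tag = cookie.rpartition(".")
    # Constant-time comparison; reject before parsing anything the client controls.
    if not sep or not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    user, _, expires = payload.rpartition("|")
    if (time.time() if now is None else now) >= int(expires):
        return None
    return user
```

The signed cookie needs no per-user storage, but it stays valid until it expires or the key is rotated, whereas a session can be ended at any time by deleting its record. The HMAC only prevents modification; the payload is still readable by the client.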
