
In relation to How to create a secure login system using cookies and sessions?

I'm building a simple forum and spending my time securing $_SESSION => hashing, as a person mindful about security but a simple one, because my future website will not be something giant. I will enable SSL.

Will I need cookie(s), for example for Google Search Console, the day's visitors or SEO, or nothing special about that and general security?

Thank you for your help

DoomPhp

2 Answers


Sessions and cookies both serve the purpose of storing data. Sessions are made at the server and get destroyed once the connection with the server is lost or the application is closed, while cookies are made at the client and stay for a defined time, whether the application is open or closed. And you can delete them any time you wish.

So in relation to the security, the sessions are more appropriate than the cookies.

The latter part of your question is kind of vague to me, yet I think this answer will be of some help to you. :D

You can find a Cookies vs. sessions comparison here.

YUMI
  • Thank you for the edited help, I approved it. I think I am stressing too much about security leaks. I don't need to save settings that can be changed by the user, like CSS themes, just a simple forum, and if I secure my users' data with prepared statements properly, it can be enough, but each day I look to see if I can make security deeper. – DoomPhp Feb 09 '20 at 05:10
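The point of the answer above is that the only thing sent to the browser is a reference (the session ID cookie) to data kept on the server. The following is an added example, not code from the answer or the question: a PHP session bootstrap that hardens that reference cookie, enforces an idle timeout on the server side, and rotates the ID when the user logs in. It assumes PHP 7.3 or newer and a site served over HTTPS; the 30-minute idle limit and the function names are constructed for the example.

```php
<?php
// Added example (not from the question or either answer): hardening the
// session-reference cookie that PHP sends to the browser. Assumes PHP >= 7.3
// (session_set_cookie_params() with an options array) and a site served over TLS.
declare(strict_types=1);

function startSecureSession(): void
{
    // Only accept session IDs that this server generated; an ID the client
    // made up is rejected and replaced (mitigates session fixation).
    ini_set('session.use_strict_mode', '1');
    // Carry the ID in the cookie only, never in URLs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'domain'   => '',       // current host only
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not attached to cross-site POST requests
    ]);

    session_start();

    // Server-side idle timeout: the cookie's own expiry is under the client's
    // control, so the server must track when the session was last used.
    $idleLimit = 30 * 60; // constructed value: 30 minutes
    if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > $idleLimit) {
        session_unset();                // drop the stale data
        session_regenerate_id(true);    // and the stale ID (old file deleted)
    }
    $_SESSION['last_seen'] = time();
}

// Call only after the password has been verified (e.g. with password_verify()).
function loginUser(int $userId): void
{
    // A fresh ID on privilege change stops anyone who learned the pre-login ID
    // from inheriting the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['last_seen'] = time();
}

function logoutUser(): void
{
    $_SESSION = [];
    // Expire the cookie on the client as well as destroying the server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

startSecureSession();
```

`startSecureSession()` belongs at the top of every page before any output, since the cookie parameters must be set before `session_start()` sends headers. Everything the browser ever sees is the opaque ID; the user ID and timestamp live only in the server-side session store.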

There are three main ways we can get data from our users.

  1. By typing a URL or clicking a link, which will be a GET request.
  2. By submitting a form, which will be a POST request.
  3. Pulling values out of their browser COOKIE, which is sent with every request they make.

and there is one more method to get data, which is -

  1. SESSION

Sessions are related to cookies.
A session is a file stored on the web server's file system, not on the browser side.
So, when we want to save some information, instead of sending a cookie to the user, we send them a reference to that session file.
So on every request they make to the web server after that, they send the reference and we are able to look up that session file and pull all the data out of it.
So the most important difference with sessions is that they are stored server-side, not client-side.
All we send to the client is a reference to help us find that file.

Using sessions has some benefits and drawbacks -
PROS -

  • More storage than cookie.

A cookie is limited to 4000 characters maximum.
For a session, it is limited only by the file storage size that you have on the web server, i.e. how big the hard disk is; that's the limit.

  • Smaller request sizes because a session uses a reference.
  • Conceals data values.
  • More secure, less hackable.

CONS -

  • Slower to access.

You won't see much difference compared to cookies, but it is.

  • Expires when browser is closed.

A cookie can live 6 months or more.

  • Session files accumulate.
Abhishek Kamal
  • **Session files accumulate** can be a little bit annoying but easily deleted. Honestly, if this is the only issue.. I am studying seriously https://stackoverflow.com/a/12213911/12865720 and it can be a proper solution – DoomPhp Feb 09 '20 at 22:20
  • If you want heavy security, then store those sessions in database. But you must know that 100% security is unachievable. – Abhishek Kamal Feb 10 '20 at 00:52
  • I am aware, just working around for a stable security and increase it step by step, but yes, I feel session is the correct way for now. – DoomPhp Feb 10 '20 at 05:38
  • Do I need to make a cookie condition on **Global Site Tag** so that if the user accepts then the script will be enabled, or are these analytics systems by Google automatic? – DoomPhp Feb 21 '20 at 13:21
  • @DoomPhp Stack **Overflow** itself says that **by visiting our site you are accepting our cookies**. It doesn't give any prompt to accept cookies... – Abhishek Kamal Feb 21 '20 at 13:47
  • My question is focused on my website and analytics data: do I need to make a cookie with **Global Site Tag** if I want to watch some info about it, for example? – DoomPhp Feb 21 '20 at 14:02