stackoom
  简体   繁体   中英

SESSION vs. URL

 原文  2013-05-12 21:21:16       php

Question

I was wondering which method is best for passing users information from page to page. For instance, the unique user ID, would it be best to encrypt it and then pass it into the url,like this 

$id= md5($row['user_id'])
http://siteName.com?ud=$id

or would it be better to use sessions to store the variable, like this 

$_SESSION['user_id'] = $row['user_id']

I would like to know which is best and why, but I think both would work just fine, but I do not know for security issues.... Thanks

2 answers

solution1
 4  2013-05-12 21:25:25

Put it in a session. If you put it in the URL and I'm logged in and want to show something to a friend, so I copy and paste the URL to an email/chat/whatever, and boom, he's logged in as me. Definitely not desirable. With sessions you don't have that problem.

solution2
 0  2013-05-12 21:26:30

Use sessions.

To put session informations in the URL is old and bad. Example: If someone is in a webshop, and send a link to a product to a friend, they will use the same session.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP Session vs. DB Lookup Cookie vs. Session based flash message PHP ::: Speed Test ::: $_SESSION vs. $variable data between pages: $_SESSION vs. $_GET? Session variables vs. Mysql table PHP - Default session handling vs. custom session handling “Undefined variable: _SESSION” VS. “A session had already been started” current_url() vs. “ ” in an href Functionality via Url Interface vs. Include Redirect to URL (via header) vs. copying pasting URL in browser
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM