Click here to Skip to main content
15,894,330 members
Search within:


Is there a tradeoff mechanism between session and cookie?
Please Sign up or sign in to vote.
2.00/5 (1 vote)
See more:
session
web
I am getting a question, that is cookie is not secure enough and session is eating too much memory, is there a mechanism to do a tradeoff between those two?

I know a little difference between session and cookie, but I really have no idea.

Anyone has idea about this? Thanks in advance!
Posted
Updated 4-Jul-13 21:48pm
v2
Add a Solution
Comments
Sergey Alexandrovich Kryukov 5-Jul-13 3:40am    
I'm afraid you are comparing apple with Apple.
—SA

2 solutions

Not really - there is a huge difference between the two: one is server side, and the other is client side. That means two things:
1) Cookies are persistent - they can survive beyond the limits of the current session. So the user can turn his computer off, come back tomorrow and the cookies are still available when he connects to your site. This is great for shopping lists and so forth, and for low-security logins (such as this site). Sessions are not persistent - they expire after inactivity, or when the browser is closed.
2) Sessions are inherently more secure - because data does not leave the server, so it can't be intercepted, either in transit or by client based tools (legitimate or otherwise). This is good for financial based logins, credit card info, and so forth.

The "tradeoff" you talk about is not a fixed thing - it is down to the use to which your application will be put.
 
Share this answer
 
Posted
Comments
Sergey Alexandrovich Kryukov 5-Jul-13 3:51am    
Well explained, a 5.
—SA
paul_cheung 5-Jul-13 10:17am    
very kind of you!great comparison.I don't think i have described my question clearly! i mean, is there something that can replace session and something replace cookie?
OriginalGriff 5-Jul-13 10:56am    
Not really - you *could* replace cookies with a query string:
www.mydomain.com/page.aspx?userid=1224
But that's even less secure than cookies are...

What are you trying to do?
paul_cheung 5-Jul-13 23:17pm    
yeah agreed,query string is less secure than cookies; i haven't a real requirement related to this question, i just get this ambiguous question from someone!thanks...
Here you can get all answer of cookie and session:

what is the relation between cookies and session?[^]
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Write a login mechanism
Sensitive cookies not marked as secure
Cookies,Session and Guid
Warning: session_start(): cannot send session cookie - headers already sent by
store in session or cookie
How to set the virtual path in cookies in ASP.NET?
where storing session ID when i disable cookie option(Cookieless SessionIDs)
What is a difference between cookie and session
A doubt about PHP session and session cookie
in session and cookies which is more secure

Advertise
Privacy
Cookies
Terms of Use
Last Updated 5 Jul 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900