Cookies

[pritam79]

This code below creates a cookie for a user for the first time he enters his name and until the cookie associated with that particular user expires, he is greeted with the same welcome message each time the same page is loaded by the same user. Now my question is do cookies used in Javascript code for users perform the same task as cookies used in PHP? Which one is useful- creating and using cookies in PHP code (setcookie, $_cookie etc ) or Javascript cookies as below? Are PHP cookies more secure? What are the overheads in both the cases? What if a browser doesnt support cookies

<html><head><script type="text/javascript">function getCookie(c_name){if (document.cookie.length>0)  {  c_start=document.cookie.indexOf(c_name + "=");  if (c_start!=-1)	{	c_start=c_start + c_name.length+1;	c_end=document.cookie.indexOf(";",c_start);	if (c_end==-1) c_end=document.cookie.length;	return unescape(document.cookie.substring(c_start,c_end));	}  }return "";}function setCookie(c_name,value,expiredays){var exdate=new Date();exdate.setDate(exdate.getDate()+expiredays);document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : ";expires="+exdate.toGMTString());}function checkCookie(){username=getCookie('username');if (username!=null && username!="")  {  alert('Welcome again '+username+'!');  }else  {  username=prompt('Please enter your name:',"");  if (username!=null && username!="")	{	setCookie('username',username,365);	}  }}</script></head><body onload="checkCookie()"></body></html>

[Synook]

JavaScript cookies and PHP cookies are the same. Without considering data carriage vulnerabilities neither is "more" secure. Overhead is entirely dependent on implementation. If a browser doesn't support cookies then cookies will just not work (sessions still will though).

[pritam79]

JavaScript cookies and PHP cookies are the same. Without considering data carriage vulnerabilities neither is "more" secure. Overhead is entirely dependent on implementation. If a browser doesn't support cookies then cookies will just not work (sessions still will though).

Creating a session for a user in a PHP script is required only when the user logs in to the site and carries out tasks that are specific to that user, and later when the user logs out, that session is over. Can Javascript handle both sessions and cookies or only cookies? Also if cookie handling in both PHP and Javascript are the same then isn’t it better to use ‘PHP cookies’ because if Javascript is disabled in a browser, Javascript cookies won’t work. Also, what do ‘Javascript cookies’ do more than just getting stored on the visitor's computer and later sending the cookie each time the same computer requests a page.

[Synook]

Creating a session for a user in a PHP script is required only when the user logs in to the site and carries out tasks that are specific to that user, and later when the user logs out, that session is over.

A session is technically a set of client-specific data that is held until the client terminates.

Can Javascript handle both sessions and cookies or only cookies?

JavaScript can't do sessions.

Also if cookie handling in both PHP and Javascript are the same then isn’t it better to use ‘PHP cookies’ because if Javascript is disabled in a browser, Javascript cookies won’t work.

If JS is disabled, you can't access the cookies through JS.

Also, what do ‘Javascript cookies’ do more than just getting stored on the visitor's computer and later sending the cookie each time the same computer requests a page.

Nothing.

[pritam79]

If JS is disabled, you can't access the cookies through JS.

In that case when javascript is disabled, would it be better to not use 'javascript cookie handling' and instead use 'PHP cookie handling' ?

[Synook]

Yes. You should always create basic services with a server-side language anyway, then embellish with JavaScript later.