Cookie-based session management provides the easiest way to manage sessions, especially since PHP provides built-in capabilities for this. However, there is also a strong reason why it should be avoided for professional web sites because if the browser is set to block cookies, cookie-based session management fails.

Name: Cookie-based session management.jpg Views: 782 Size: 23.0 KB

Another pitfall is that the cookie might fall into mischievous hands and result in loss of information. Hence, a cookie-based session is useful only for non¬monetary and non-confidential websites. The second part of this article (to be published next month) will explain server-side sessions using database tables.