What are the advantages and disadvantages of the different forms of session tracking (cookies, session objects, hidden fields, URL rewriting)?

Simon Wong

Here are the advantages and disadvantages I found with them:

Cookies

Advantages:
1. Simple.
2. Don't need to send data back to us; the browser can participate in this task.

Disadvantages:
1. The size and number of cookies stored are limited.
2. They are stored as plain text in a specific directory; everyone can view and modify them. Personal information is exposed.
3. They won't work if the security level is set too high in the browser.

Hidden Fields

Advantages:
1. Simple.
2. No effect on security level setting in browsers.

Disadvantages:
1. The documents need to embed the data inside, which wastes bandwidth. E.g., if you have to conduct a web-based survey with multiple pages using hidden fields, you have to embed the results from previous pages in the next page.
2. Everyone can see the embedded data by viewing the original source code.
3. If the user surfs to a different site, or to a static section of the same site, the state is lost.

URL Rewriting

Advantages:
1. All data is appended to the URL => easy to debug.
2. Works even if users disable cookies.

Disadvantages:
1. The URL is lengthy and the length of the URL is limited, so it can't store much information.
2. The URL contains data. If you send this URL to your friends, they might see your information.
3. If the user surfs to a different site, or to a static section of the same site, the state is lost.

Session Objects

Advantages:
Sessions usually use either cookies or URL rewriting (depending on the security setting of the browser) to function. Each user has his own unique session ID to identify himself. The session data is stored on the server, and we can use the session ID to access this data. The session ID is sent to the user via either cookies or URL rewriting. Since the data is stored on the server, the size of the data is theoretically unlimited.

Disadvantages:
None :-)
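The session-object approach described above, as an added example that is not part of the original answer: the data stays in a server-side store and the browser only receives a random session ID in a cookie. The names `SessionStore` and `SESSIONID`, the 30-minute idle timeout and the cookie attributes chosen are assumptions of this sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

class SessionStore:
    """Server-side session data keyed by an unguessable session ID."""
    def __init__(self, ttl=1800, clock=time.time):  # ttl: assumed idle timeout
        self._ttl, self._clock = ttl, clock
        self._sessions = {}  # session ID -> (last_seen, data dict)

    def create(self):
        sid = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._sessions[sid] = (self._clock(), {})
        return sid

    def get(self, sid):
        """Return the data for a live session, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # an ID the server never issued carries no state
        last_seen, data = entry
        now = self._clock()
        if now - last_seen > self._ttl:
            del self._sessions[sid]
            return None
        self._sessions[sid] = (now, data)  # refresh the idle timer
        return data

def set_cookie_header(sid):
    """Build the Set-Cookie value; only the ID is sent, never the data."""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = sid
    cookie["SESSIONID"]["path"] = "/"
    cookie["SESSIONID"]["httponly"] = True   # not readable from page scripts
    cookie["SESSIONID"]["secure"] = True     # only sent over HTTPS
    cookie["SESSIONID"]["samesite"] = "Lax"  # withheld on most cross-site requests
    return cookie["SESSIONID"].OutputString()

def sid_from_cookie_header(header):
    """Extract the session ID from a request's Cookie header, or None."""
    cookie = SimpleCookie()
    cookie.load(header)
    return cookie["SESSIONID"].value if "SESSIONID" in cookie else None
```

Because the cookie holds only the ID, a user who edits it can at most lose their own session; the stored values cannot be changed from the client side.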
