Hidden input fields vs Session Vs Cookie

What are the pros and cons of storing data in:

  1. Hidden input fields
  2. Cookies/local storage
  3. Server side sessions
khuongngoc asked Sep 10 '16 06:09




1 Answer

Those three are not mutually exclusive things.

hidden input

A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.

cookie

A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.

session

The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.

In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.


All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?

In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.

If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.

  1. Sessions
    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't "do I use a cookie or a session", but more so "what is a session typically used for".
  2. Cookies
    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data that only matters to your UI components primarily, but the server needs to be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc.
  3. Hidden input
    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.

When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.

Sherif answered Sep 18 '22 11:09
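The answer's point that the three mechanisms work together, shown as a single PHP page. This is an added example, not code from the original answer: the server-side session holds the authoritative CSRF token, a hidden input carries a copy back with the form, and a cookie carries a client-held UI preference (the theme). It assumes PHP 7.3 or later (for the `setcookie()` options array), the default cookie-based session handler, and HTTPS (the `secure` flag is set); the cookie name `theme` and the field names are chosen for the example.

```php
<?php
// Added example (not from the original answer): one PHP page that uses all
// three mechanisms together. Assumed: PHP >= 7.3, sessions configured to use
// cookies (the default), and HTTPS so the 'secure' cookie flag is honoured.

declare(strict_types=1);

// 1. Server-side session: the data lives on the server; the client only holds
//    the session id (the PHPSESSID cookie by default). Harden that cookie first.
session_set_cookie_params([
    'httponly' => true,   // not readable from JavaScript
    'secure'   => true,   // only sent over HTTPS
    'samesite' => 'Lax',  // not sent on most cross-site requests
]);
session_start();

// The CSRF token is a value the client must echo back but must not be able to
// choose. The real copy stays in the session; a copy goes out in a hidden input.
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// 2. Cookie: a small UI preference the client is allowed to hold and change.
//    Whitelist it on the way in; never use its raw value.
$allowedThemes = ['light', 'dark'];
$theme = $_COOKIE['theme'] ?? 'light';
if (!is_string($theme) || !in_array($theme, $allowedThemes, true)) {
    $theme = 'light';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 3. The hidden input comes back as an ordinary POST field. Compare it with
    //    the server-side copy in constant time; a mismatch means this form was
    //    not issued by this server to this session.
    $submitted = $_POST['csrf_token'] ?? '';
    if (!is_string($submitted) || !hash_equals($_SESSION['csrf_token'], $submitted)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    // Accept a new theme choice and hand it back to the client as a cookie
    // that expires in 30 days.
    $newTheme = $_POST['theme'] ?? $theme;
    if (is_string($newTheme) && in_array($newTheme, $allowedThemes, true)) {
        setcookie('theme', $newTheme, [
            'expires'  => time() + 30 * 24 * 60 * 60,
            'path'     => '/',
            'secure'   => true,
            'httponly' => false, // UI scripts may legitimately read this one
            'samesite' => 'Lax',
        ]);
        $theme = $newTheme;
    }
}

// Render the form. The token is visible in View Source, as the answer notes;
// that is acceptable because it is unpredictable and bound to this session.
$token    = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
$themeEsc = htmlspecialchars($theme, ENT_QUOTES, 'UTF-8');
?>
<!doctype html>
<body class="theme-<?= $themeEsc ?>">
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= $token ?>">
  <label>Theme:
    <select name="theme">
      <option value="light" <?= $theme === 'light' ? 'selected' : '' ?>>Light</option>
      <option value="dark" <?= $theme === 'dark' ? 'selected' : '' ?>>Dark</option>
    </select>
  </label>
  <button type="submit">Save</button>
</form>
</body>
```

The division of labour follows the answer: the session holds what the client must not control (the token), the cookie holds what the client may freely hold and change (the theme, re-validated against a whitelist on every request), and the hidden input is simply the transport that returns a server-issued value with the form. Saving the page as `index.php` and loading it twice, once to get the form and once to submit it, exercises all three paths; submitting with a tampered `csrf_token` value produces the 403.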