Question

A few months ago, I first used PHP. I researched cookies, sessions, and their distinctions in order to build a login system for my website (cookies are saved in the user's browser; sessions are stored on the server). I favored cookies back then (because who doesn't like cookies? he just said: "Who cares? I can't get a reasonable deal to keep it on my server "I, therefore, decided to use cookies for my bachelor's thesis project. However, after finishing the bulk of my software, I learned that sessions are more suitable in this specific scenario for keeping the user's ID. So I began to consider what I would respond if the jury asked me why I had chosen to utilize cookies rather than sessions. Just for that reason (that I do not need to store internal information about the user). Is it sufficient as an excuse? or is there more to it?
Could you kindly explain the benefits and drawbacks of utilizing cookies to store the user's ID?

Answer 1

The idea is to save persistent data for a web visitor between page loads. It is immediately stored on the client through cookies. Cookies are used by sessions as a kind of key to connect with the information kept on the server side.

Sessions are recommended because you have control over when the data expires and becomes invalid and because the client is not shown the actual values. If everything depended on cookies, a user (or hacker) may change their cookie information and then make requests to your website.

Edit: Aside from convenience, I don't see any benefits to using cookies. Consider it in this manner Do they have any justification for knowing their ID#? Normally, I would respond that the user does not require this information. Information should only be disclosed to those who need to know it. How will your application react if the user modifies his cookie to have a different ID? Security is at danger. Before sessions were popular, I essentially had my own method. I kept my permanent data in the database along with a special cookie value that I had put on the client.