Folks,
A few years back, 5 or so, I learnt about PHP sessions & cookies. Mostly used the former. Now revising the latter. I have forgotten the real differences between the two, apart from the former holding user data on the server while the latter holds it in the user's browser.
But reading back on sessions, I am reminded about the SID. That gets placed on the user side. So, how is it any different from the cookie that also gets placed on the user side?
So, with the cookie all the variables' data is placed on the user side, while with the session only the SID? And for this the session is a big deal, because only the SID gets sent back and forth between server & browser, thus eating little bandwidth, while with cookies all the variables' data gets sent back & forth between browser and server, thus draining bandwidth?
Anyway, tutorials say users, like hackers, can easily change cookie data on their side while they can't change session data that is on the server side. But if they change the SID (that represents Account Holders’ Usernames) that is on their client side, then they will trick the server into showing personal data of other members of the website. Personal data that session variables usually hold. Right?
Why do I get the feeling that you will say the SID is unique and, even though it sort of represents the Usernames of the membership site’s Account Holders, the SID will be randomly created following no rules or formula, so that if decoded, the username won’t be found? Or did I come close to what you wanted to say? Lol!
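
An added example, not part of the original post: one PHP CLI script that imitates what a server does with a session ID versus a cookie that carries the data itself. `$sessionStore`, `startSession()` and `loadSession()` are hypothetical names standing in for PHP's built-in session handling, and the users are constructed sample data.

```php
<?php
// Added illustration: a simplified model of server-side session lookup.
// $sessionStore stands in for PHP's server-side session storage (assumption).
$sessionStore = [];   // server side only: SID => session variables

// Login: the server invents a random SID. It is not derived from the username,
// so there is nothing in it to decode.
function startSession(array &$store, string $username): string
{
    $sid = bin2hex(random_bytes(16));          // 128 random bits as 32 hex chars
    $store[$sid] = ['username' => $username];  // the data never leaves the server
    return $sid;                               // only this value goes in the cookie
}

// Each request: the SID sent by the browser is used purely as a lookup key.
function loadSession(array $store, string $sidFromCookie): ?array
{
    // Reject anything not shaped like an SID this server could have issued.
    if (!preg_match('/^[0-9a-f]{32}$/', $sidFromCookie)) {
        return null;
    }
    return $store[$sidFromCookie] ?? null;     // unknown SID: no session at all
}

$aliceSid = startSession($sessionStore, 'alice');   // constructed sample users
$bobSid   = startSession($sessionStore, 'bob');

// 1. The SID the server issued finds the data held on the server.
var_dump(loadSession($sessionStore, $aliceSid));

// 2. The same SID with its last character changed matches no stored session.
$edited = substr($aliceSid, 0, 31) . ($aliceSid[31] === '0' ? '1' : '0');
var_dump(loadSession($sessionStore, $edited));

// 3. Another member's username is not an SID, so it is rejected as well.
var_dump(loadSession($sessionStore, 'bob'));

// 4. Contrast: a cookie that carries the data itself. The server only sees
//    what comes back, so an edited value is indistinguishable from the original.
$dataCookie = ['username' => 'alice'];   // what the server set
$dataCookie['username'] = 'bob';         // what an edited browser cookie returns
var_dump($dataCookie['username']);
```

The SID still acts as a bearer token: whoever presents a valid one gets that session, which is why it is sent over HTTPS and kept out of reach of page scripts.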