It’s a well known fact that HTTP is a stateless protocol and cookies are needed to keep the communication session.
When dealing with sessions with PHP, we have two main solutions:
– set manual cookies
One approach is using directly the PHP functions to set the cookies. When possible I don’t use manual cookies(except than keeping an hash string for the user identity or keep the session after the browser is closed) as there are lots of issues (datas kept in the user browser so they have to be validated at each request, difficulty to store complex datas, browser compatibility or partial cookie blocking etc…).
– session functions
A much easier approach is using the session functions. The session is automatically managed by PHP and the superglobal array $_SESSION is available with persistent user datas, thanks to the session cookie automatically managed.
Advantages: data stored in the server, easy to save arrays and custom objects, superglobal array immediately available and semplicity in writing the code.
Disadvantages: not possible to keep it after the browser closes (except a custom save handler on disk or db) , not possible to specify URL path and domain for the session.
– server balancer issues -> cookies !
Today we had some issue with our server load balancer. We realize that it didn’t support sticky sessions, so at every redirect (also to the same page because of some rules) the session datas (kept through session functions) were deleted. In order to meet a deadline, we set a manual cookie to keep the data needed.