0

Which is the more reliable, better and safer method to use for URL variables passed to different pages: 1). Using SESSION variables as URL parameters, or

2). Regular query string parameters.

"More reliable, better, and safer" with regard to: 1. Preventing problems deriving from the client side, such as when a user disables cookies 2. Browser compatibilities 3. Making API calls (as some API's have limitations and compatibility issues) 4. Resource and memory usage, and processing speed

I'm creating a site where the amount of query string parameters in the URLs may vary (potentially 9 values carried in the URL) - based on user input. It would seem easier to store the variable values in session variables than to carry all of them (possibly 9) in URL parameters. But because of the 4 concerns mentioned above, I'm hesitant to use SESSION variables.

Thanks for any advice!

PS. The URL parameters are being built dynamically into the $url variable, like this:

$keyword = trim($_GET["Keyword"]);

$url = "webpage.php?";
$url .= "&Keyword=$keyword";

$shopByStore = $_GET["store"];
if (!empty($shopByStore)) {
$url .= "&store=$shopByStore";
}
// with 7 more GET methods potentially retrieving values for the URL parameters

The URL's will look like this:

<a href="<?php echo $url; ?>">anchor text</a><br>

And of course if I go the SESSION variable route, user input values would be obtained from URL clicks and stored in SESSION variables until the session is over.

if (isset($_GET["store"])) {
$_SESSION["shopByStore"] = $_GET["store"];
}
Improve this question
1
  • Your question does not make much sense.... What are you asking? Commented Apr 11, 2014 at 12:37

1 Answer 1

Reset to default
1

Of course it is possible to save for example a submitted keyword for a search in a session variable.

But is it useful? No.

The session variable will forget everything, when the session get's destroyed. Maybe the user wants to save the search or give them to another user?

With GET-parameters it is not problem, just copy the full URL and safe it.

But with SESSION parameters? Not possible. Each user has it's own session and the next time the user visits the site, he will get another session (for example if the users closed the browser before).

In sessions you should only store user specific information. For example the userid, username or basket items.

That are only some points for SESSION vs GET.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.