PHP Tips and Tricks

[mrmajic]

Just wondering, whats the difference between passing variables via session and passing variables via post .. atleast with session, the variables are always global .. so wouldnt it be better to do it that way?

[hallsofvallhalla]

post is much more secure while session variables can be potentially dangerous to cheat

session variables in plain text can be sniffed. There are also programs out there that can take memory snapshots.

If you are making a game where you plan to have a host of different people playing then you are going to have some moron thinking he is a hacker and trying to cheat. There are ways to stop it, but I personally use post and get methods because they die after page is loaded. You can encrypt a get method also to scramble it when sending it through the URL.

[Noctrine]

Hmm I thought it was the other way around. I thought session was hidden, I can easily see post variables. Atleast on sending.

I thought session was stored on the server, with the end user getting a key that allows the server to auth them.

[hallsofvallhalla]

just depends if you set it up with a key, how can you see post variables? not get...

[Noctrine]

You can convert them to gets actually.

[mrmajic]

so session or post is more secure???

[Noctrine]

I'd say session, depending on use. For example, login cookies are always session.

[mrmajic]

I'd say session, depending on use. For example, login cookies are always session.

id say session too .. as the sessions are kept on the server ..

[hallsofvallhalla]

how would you convert a post to a get, please tell

[hallsofvallhalla]

thats what I thought, no way to get post variables that i know of, not form the "player side"