I am building a site right now and I am wondering if the decision I have taken is correct!! I have a form and want user to validate the form in the preview section. So basically, I validate the data on server end & then create a cookie using which the preview is shown to user. If user wants he/she can change it by going back to form. My concern is about COOKIES. Is my dependence on cookies an issue? Or in other words, if I make my site to work only with cookies what the hurdles could be? This area of the site is not crawlable and is available only to registered users. So what do you guys think? Is keeping COOKIES available mandatory a good idea? Or are there any potential issues? I am not that GURU yet!! You could suggest other options to me as well.
If you are concerned about security, then I would suggest using sessions as opposed to cookies. With cookies the information is stored on the user's hard drive. With sessions, the information is stored on the server for the duration of that session. Sessions can also work if the user has cookies blocked or disabled using an inbuild feature called tag rewrite, although I usually turn this off as it makes URL's messy and is generally bad for SEO. Anyway, to use them just do this: <? session_start(); session_register("my_variable"); ?> PHP: You need to include session_start() at the top of your php page, and then register any variables you want to use. Values are referenced by using $_SESSION - so the value above would be $_SESSION["my_variable"]. There's more information in the PHP docs, but this should give you enough to get something underway!
Technically speaking, sessions are implemented via cookies. So if somebody steals the cookie he has the ability to impersonate the original user. But for practical purposes I would not worry about it too much. Sessions are a great way to do things. It is industry standard nowadays in PHP.
Using just sessions for security feature is not a good idea and it can be cracked very easily unless you use DB sessions. A guy with average knowledge of PHP can easily crack your session code and dig in your site and mess it up. My question was not about security. So may be I was not clear. I am not concerned about security. The aim of my question was the general availability of cookies. In my opinion, almost 99% of users have cookies enabled. What is the opinion of you guys, how many of your users do not have cookies enabled? Any advantages of using session over cookies for temporary storage of data (However, data is validated for consistency during each interaction with server , which I would do even if I was using sessions).