[pmwiki-users] Setting and getting cookies in PmWiki

Joachim Durchholz jo at durchholz.org
Sat Mar 25 14:53:56 CST 2006


Bellave Jayaram wrote:
> Jo,
> 	Thanks a lot. This helps a great deal. After reading the caveats, I
> have one question - what can I do in PHP to create a unique code (maybe 3 or
> 4 digits) for each string I want to store in the list_of_strings and then
> decode it back to the string in the generating function? I don't yet know
> how large my session data could get but if it does become large, this would
> be one way to reduce it, wouldn't it?

Yes, but I wouldn't worry unless the data becomes really large.

> Alternatively, if I want to avoid $_SESSION completely, I am wondering if I
> could use the (?name) markup that Pm said he might provide as a recipe in
> the 'getting form variables' thread - (provided it can be used on more than
> one form submit and not just the last submit).

Hmm... that would mean putting everything into form data (using hidden 
fields), in the form of
   <input type="hidden" name="whatever" value="..." />
HTML fields.

On the plus side:
1) Session storage will be kept to a minimum.
2) The server isn't responsible for storing the data. Session data 
typically "dies" after half an hour of inactivity, while data in a form 
will live even if the user is away for lunch.

On the minus side:
3) The data will be sent across the network. If there's so much data 
that session storage becomes a problem, then it's also enough data that 
network transmission will take noticeably longer (unless server and 
browser are on the same local network, in which case this point doesn't 
really matter).
4) The user will be able to inspect and even modify that data. Don't 
trust the data you'll be getting back, particularly not for things 
involving money or a service for which you give monetary guarantees.
5) You have to HTML-encode the data before placing it in the <input 
type="hidden".../> field, and HTML-decode it when retrieving it from 
$_REQUEST. This encoding and decoding may have subtle bugs (particularly 
if your data is binary, or may contain umlauts or other "funny 
characters"), and it also takes CPU time (most Internet servers are 
either network-constrained or CPU-constrained; disk space is far less of 
a concern).

Regards,
Jo
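
Added example (not part of the original message): one way to address points 4 and 5 when state is carried in a hidden field is to sign it on the server with an HMAC and reject it if the signature no longer matches. SECRET_KEY, the field name "state" and the function names are assumptions made for this illustration.

```php
<?php
// Added example, not code from the post or from PmWiki.
// Assumption: SECRET_KEY is a long random value known only to the server.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Pack UTF-8 data (umlauts, quotes, markup) into a signed, ASCII-only token.
function pack_state(array $data): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    $mac = hash_hmac('sha256', $payload, SECRET_KEY);
    return $payload . '.' . $mac;
}

// Return the original array, or null if the token was altered or malformed.
function unpack_state(string $token): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Render the hidden field; htmlspecialchars() keeps the attribute well-formed.
function hidden_field(string $name, array $data): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars(pack_state($data), ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample data.
$token = pack_state(['strings' => ['Grüße', 'a "quoted" <value>']]);
var_dump(unpack_state($token) !== null);       // untouched token is accepted
var_dump(unpack_state('x' . $token) === null); // modified token is rejected
```

The signature only detects modification; the user can still read the base64 payload, and an old token that was validly signed can be resubmitted unless an expiry time is included in the signed data.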



