I currently have a corporate intranet working with session variables, and it does it very well. Today I will start with a project for the general public and I decided to load the datastore on the front-side with cookies. I have never used them and I am confused. My question is: can I use a cookie to store certain data of a user that came from the database?
For example:
$_SESSION["NOMBRE"] = 'Juan Pérez';
$_SESSION["ID"] = 12345;
This has helped me a lot to create my intranet, but I don't understand if the cookie stores the same data that I need.
The concept is to store persistent data across page loads for a web visitor. Cookies store it directly on the client. Sessions use a cookie as a type of key to associate with data stored on the server.
Using sessions is preferred because the actual values are hidden from the client and it is handled when the data expires and becomes invalid. If everything was based on cookies, a user (or a hacker) could manipulate your cookie data and then play requests on their site.
Note: I don't think there is any advantage to using cookies other than simplicity. Look at it this way... Does the user have any reason to know their ID? Normally I would say no, the user has no need for this information. Giving information should be limited on a need to know basis. What if the user changes their cookie to have a different ID, how will your application respond? It is a security risk.
Source StackOverflow
Let's see an example as if a cookie could be created with the same data as a session
We create a cookie
manual setcookie
Get cookie
If you want to destroy a cookie