Hidden input fields vs Session Vs Cookie









up vote
0
down vote

favorite
1












What are the pros and cons of storing data in:



  1. Hidden input fields

  2. Cookies/local storage

  3. Server side sessions





architecture global-variables







share|improve this question



















  • 1




    Provide your specified cases so it will be easy to help you.
    – Gokul Shinde
    Sep 10 '16 at 6:24






  • 1




    Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
    – artem
    Sep 10 '16 at 6:26










  • @artem I simply want to know how is different in simple case as passing value from page to page using them.
    – khuongngoc
    Sep 10 '16 at 6:37










  • Made the question more useful and hopefully more appropriate to SO
    – Chuck Le Butt
    Nov 9 at 18:13














up vote
0
down vote

favorite
1












What are the pros and cons of storing data in:



  1. Hidden input fields

  2. Cookies/local storage

  3. Server side sessions





architecture global-variables







share|improve this question



















  • 1




    Provide your specified cases so it will be easy to help you.
    – Gokul Shinde
    Sep 10 '16 at 6:24






  • 1




    Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
    – artem
    Sep 10 '16 at 6:26










  • @artem I simply want to know how is different in simple case as passing value from page to page using them.
    – khuongngoc
    Sep 10 '16 at 6:37










  • Made the question more useful and hopefully more appropriate to SO
    – Chuck Le Butt
    Nov 9 at 18:13












up vote
0
down vote

favorite
1









up vote
0
down vote

favorite
1






1





What are the pros and cons of storing data in:



  1. Hidden input fields

  2. Cookies/local storage

  3. Server side sessions





architecture global-variables







share|improve this question















What are the pros and cons of storing data in:



  1. Hidden input fields

  2. Cookies/local storage

  3. Server side sessions





architecture global-variables




architecture global-variables






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 9 at 18:12









Chuck Le Butt

27.7k45148225




27.7k45148225










asked Sep 10 '16 at 6:19









khuongngoc

6418




6418







  • 1




    Provide your specified cases so it will be easy to help you.
    – Gokul Shinde
    Sep 10 '16 at 6:24






  • 1




    Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
    – artem
    Sep 10 '16 at 6:26










  • @artem I simply want to know how is different in simple case as passing value from page to page using them.
    – khuongngoc
    Sep 10 '16 at 6:37










  • Made the question more useful and hopefully more appropriate to SO
    – Chuck Le Butt
    Nov 9 at 18:13












  • 1




    Provide your specified cases so it will be easy to help you.
    – Gokul Shinde
    Sep 10 '16 at 6:24






  • 1




    Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
    – artem
    Sep 10 '16 at 6:26










  • @artem I simply want to know how is different in simple case as passing value from page to page using them.
    – khuongngoc
    Sep 10 '16 at 6:37










  • Made the question more useful and hopefully more appropriate to SO
    – Chuck Le Butt
    Nov 9 at 18:13







1




1




Provide your specified cases so it will be easy to help you.
– Gokul Shinde
Sep 10 '16 at 6:24




Provide your specified cases so it will be easy to help you.
– Gokul Shinde
Sep 10 '16 at 6:24




1




1




Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
– artem
Sep 10 '16 at 6:26




Possible duplicate of Session Id placement: Form Hidden Field vs. HTTPOnly Cookie
– artem
Sep 10 '16 at 6:26












@artem I simply want to know how is different in simple case as passing value from page to page using them.
– khuongngoc
Sep 10 '16 at 6:37




@artem I simply want to know how is different in simple case as passing value from page to page using them.
– khuongngoc
Sep 10 '16 at 6:37












Made the question more useful and hopefully more appropriate to SO
– Chuck Le Butt
Nov 9 at 18:13




Made the question more useful and hopefully more appropriate to SO
– Chuck Le Butt
Nov 9 at 18:13












1 Answer
1






active

oldest

votes

















up vote
5
down vote













Those three are not mutually exclusive things.



hidden input



A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.



cookie



A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.



session



The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.



In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.



All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?



In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.



If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.



  1. Sessions

    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.


  2. Cookies

    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...


  3. Hidden input

    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.


When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.






share|improve this answer






















  • You're the hero we don't deserve.
    – T30
    Mar 30 '17 at 8:50










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f39423214%2fhidden-input-fields-vs-session-vs-cookie%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote













Those three are not mutually exclusive things.



hidden input



A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.



cookie



A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.



session



The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.



In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.



All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?



In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.



If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.



  1. Sessions

    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.


  2. Cookies

    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...


  3. Hidden input

    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.


When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.






share|improve this answer






















  • You're the hero we don't deserve.
    – T30
    Mar 30 '17 at 8:50














up vote
5
down vote













Those three are not mutually exclusive things.



hidden input



A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.



cookie



A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.



session



The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.



In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.



All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?



In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.



If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.



  1. Sessions

    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.


  2. Cookies

    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...


  3. Hidden input

    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.


When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.






share|improve this answer






















  • You're the hero we don't deserve.
    – T30
    Mar 30 '17 at 8:50












up vote
5
down vote










up vote
5
down vote









Those three are not mutually exclusive things.



hidden input



A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.



cookie



A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.



session



The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.



In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.



All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?



In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.



If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.



  1. Sessions

    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.


  2. Cookies

    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...


  3. Hidden input

    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.


When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.






share|improve this answer














Those three are not mutually exclusive things.



hidden input



A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.



cookie



A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.



session



The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.



In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.



All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?



In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.



If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.



  1. Sessions

    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.


  2. Cookies

    • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...


  3. Hidden input

    • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value that the server expects to get back, but the user isn't required to know or provide upfront. These values are usually sent by your server in the initial page load.


When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.







share|improve this answer














share|improve this answer



share|improve this answer








edited Sep 10 '16 at 7:04

























answered Sep 10 '16 at 6:52









Sherif

8,55032142




8,55032142











  • You're the hero we don't deserve.
    – T30
    Mar 30 '17 at 8:50
















  • You're the hero we don't deserve.
    – T30
    Mar 30 '17 at 8:50















You're the hero we don't deserve.
– T30
Mar 30 '17 at 8:50




You're the hero we don't deserve.
– T30
Mar 30 '17 at 8:50

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f39423214%2fhidden-input-fields-vs-session-vs-cookie%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Kleinkühnau

Image
Kleinkühnau Stadt Dessau-Roßlau 51.839444444444 12.184444444444 57 Koordinaten: 51° 50′ 22″  N , 12° 11′ 4″  O Höhe: 57 m Fläche: 9,93 km² Einwohner: 1649  (31. Dez. 2011) Bevölkerungsdichte: 166 Einwohner/km² Eingemeindung: 1. Oktober 1923 Eingemeindet nach: Dessau Postleitzahl: 06846 Vorwahl: 0340 Rathaus (Amtshaus Kühnau e. V.) Ev. Kirche Kleinkühnau Kleinkühnau ist ein Stadtteil von Dessau-Roßlau, einer kreisfreien Stadt im Bundesland Sachsen-Anhalt. Er liegt ungefähr vier Kilometer westlich des Stadtzentrums. Südlich der Kühnauer Straße befinden sich der Flugplatz Dessau, das Technikmuseum Hugo Junkers sowie der Standort der Polizeidirektion Sachsen-Anhalt Ost. Kleinkühnau hat 1649 Einwohner (Stand 31. Dezember 2011). Inhaltsverzeichnis 1 Geschichte 1.1 Bevölkerungsentwicklung 2 Siehe auch 3 Weblinks 4 E...
Read more

Makov (Slowakei)

Image
Makov Wappen Karte Makov Basisdaten Staat: Slowakei Kraj: Žilinský kraj Okres: Čadca Region: Kysuce Fläche: 46,052 km² Einwohner: 1.720 (31. Dez. 2017) Bevölkerungsdichte: 37 Einwohner je km² Höhe: 583  m n.m. Postleitzahl: 023 56 Telefonvorwahl: 0 41 Geographische Lage: 49° 22′  N , 18° 29′  O 49.366666666667 18.483333333333 583 Koordinaten: 49° 22′ 0″  N , 18° 29′ 0″  O Kfz-Kennzeichen: CA Kód obce: 509299 Struktur Gemeindeart: Gemeinde Verwaltung (Stand: November 2014) Bürgermeister: Martin Pavlík Adresse: Obecný úrad Makov 60 02356 Makov Webpräsenz: www.makov.sk Statistikinformation auf statistics.sk Makov (ungarisch Trencsénmakó – älter auch Makó , polnisch Maków ) ist eine Gemeinde in der Nordwestslowakei. Inhaltsverzeichnis 1 Geographie 1.1 Bevölkerung 2 Ge...
Read more

Deutsches Schauspielhaus

Image
Deutsches Schauspielhaus Hamburg Aktie über 1000 Mark der Deutsche Schauspielhaus AG vom 20. Juni 1899 Das Deutsche Schauspielhaus im Hamburger Stadtteil St. Georg ist mit 1200 Plätzen das größte Sprechtheater Deutschlands. Entstanden ist es durch eine private Initiative von Bürgern und der 1899 gegründeten „Aktiengesellschaft Deutsches Schauspielhaus“. Die Pläne stammen von dem Wiener Architekturbüro Fellner und Helmer, die das neobarocke Gebäude nach dem Vorbild des Wiener Volkstheaters gestalteten. Am 15. September 1900 wurde das Theater mit einer Aufführung der Iphigenie auf Tauris feierlich eröffnet. Der Name Deutsches Schauspielhaus knüpft an die Tradition des Hamburger Nationaltheaters an, das Mitte des 18. Jahrhunderts durch Hamburger Bürger betrieben wurde und an dem Gotthold Ephraim Lessing als Dramaturg tätig war. Das Schauspielhaus hat die Theatergeschichte der Stadt im 20. Jahrhundert entsc...
Read more