I am looking for some advice
I have set up some secure pages and used cookies, is it better to use cookies or sessions??
also
I have read somewhere if you dont add a time when setting the cookie it will be destroyed when the browser closes, is this good practice.
Look forward to everyones reply
I use cookies, mainly because I haven’t studied the session mechanism yet, but I think sessions use cookies as well and handle the ‘securing’ of the information stored in the cookie. You’ll have to dig that up though.
As for cookies without an expiration time, yes, they expire when the browser closes. Whether or not this is good practice depends on the application: for example, online banking should use this sort of system to maintain the integrity (especially when customers login from public computers), but for simple forum software it could mean a drastic decrease in userfriendliness.