Am doing online Quiz type of script in PHP. It is better to use cookies or sessions.

Question

Hi all,

Am doing online Quiz type of script in PHP. User needs to attend 50 Question in 45 minutes.

After that time it should close the page or Submit the answer to the next page.

It is better to use cookies or sessions. How can i do that.

Am novice in session concept so can u suggest the suitable code.

Awaiting the earliest reply

Answer 1

I assume, as this is a quizz, you'll count point, record ranks, etc. So your users will eventually try to cheat.

Therefor, I would recommend sessions which are only server-side.$_SESSION is an array, like $_GET and $_POST, unique to every user using your website. You can put and retrieve anything when you want.

The only thing client side is a special cookie, called PHPSESSID, which is your visitor's id, used by PHP to retrieve his $_SESSIONarray.

Only things you have to do is to begin every page with session_start(); , before any instructions (except if you use buffering like ob_start())

Answer 2

A good article to take a look at sessions, cookies and the inherent security risks is http://blog.themeforest.net/tutorials/working-with-sessions-and-cookies-in-php-and-mysql/

Basically, you can set a session like this:

session_start();
$name = "John Jackson";
$_SESSION['name'] = $name;

Answer 3

The main difference between cookies and sessions is where the data is stored.

With cookies, you send the data to the browser, and the browser keeps sending it back to you with every request thereafter.

With sessions, you're storing the data in memory, and then just setting one cookie that has an ID to identify the chunk of space in the server's memory where the data is stored.

The crucial difference is that when the data is stored in cookies:

• it can be edited by the user
• it can be seen on the network as requests are made
• it adds to the weight of each request in additional bandwidth required
• it takes up less server memory

When data is stored in the session:

• it can't be accessed by the user without going through you
• it's not sent back and forth with each request (only the session ID cookie is)
• but it takes up memory on the server
• it can cause issues on larger sites when needing to move to multiple web servers

I would say it depends on scale. For a lot of questions, those cookies will get heavy and make each request very large. If you quiz is running in an environment that is spread across multiple front-end web servers, sessions might be out of the question.

I suspect the deciding factor is going to be the integrity of the quiz though. If it's crucial that the user can't change the data (such as previous answers, a running score or a timestamp for the start of the quiz) then you'll need to store the data out of their reach, which means using sessions.