Hi,

In a PHP site I am building, I use a Prototype AJAX call to address some other PHP page. This called PHP page needs a variable that lives as a SESSION var on the first page (in the sense that it's used multiple times throughout that page anyway).

It's more curiosity than anything else but: which of both ways to pass our variable is preferable, if any:

  • on the called page, start the session and get the var needed from there, or
  • in the AJAX call, pass the session var on as a POST parameter

So, I am curious if there is a higher 'cost' to passing a POST var between pages, versus getting the var from the session (adding session_start() etc).

A: 

Using the POST method, it's easy to cluster the servers since there is less state remembered on the server side, but at the cost of sending potentially sensitive data to the client.

Using the Session method, there is less bandwidth passing between the server and the client, but it's harder to scale across multiple front-end web servers.

Allain Lalonde
+2  A: 

If the value has no security concerns, pass it via the GET or POST method. Only if the value has some security issues, or it could be a serious problem if the user were to change the value (via a proxy or injection), then use SESSION.

TravisO
A: 

I'd say use the session.
You're already suffering the overhead of sending the session id in the request header so you may as well make use of it. Having said that it's not a vast overhead anyway but neither is posting a small amount of data.
In order to post the data, you need to have it available at the client side too and if that's the only reason you have it at the client side, you've left yourself needlessly open for spoofing.
The scalability across load balanced servers, if it turns out to be a problem, is going to have to be dealt with anyway if you're using sessions.
So if your sessions are working, use them.

meouw
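
An added example, not taken from any of the posts on this page, of the session approach for a value the user must not be able to change: the AJAX-called page reads the value from `$_SESSION` and ignores any same-named POST field, which the client controls. The file name `ajax_endpoint.php`, the key `account_id` and the helper `trusted_value()` are assumptions made for illustration.

```php
<?php
// ajax_endpoint.php (hypothetical name): the page the Prototype Ajax.Request calls.
declare(strict_types=1);

/**
 * Return the value the first page stored in the session, or null if absent.
 * A POST field with the same key is never used: the client can set it freely.
 */
function trusted_value(array $session, array $post, string $key): ?string
{
    if (!isset($session[$key]) || !is_string($session[$key])) {
        return null; // no session, or the first page never stored the value
    }
    if (isset($post[$key]) && $post[$key] !== $session[$key]) {
        // The client sent something other than what the server stored.
        // Record it for review instead of acting on it.
        error_log("POST field '$key' differs from session value; client copy ignored");
    }
    return $session[$key];
}

if (PHP_SAPI !== 'cli') {
    // read_and_close (PHP >= 7.0) loads $_SESSION and releases the session
    // lock immediately, so parallel AJAX requests from one browser are not
    // serialized behind each other by the default file session handler.
    session_start(['read_and_close' => true]);

    $value = trusted_value($_SESSION, $_POST, 'account_id');
    if ($value === null) {
        http_response_code(403); // no usable session: refuse, do not fall back to POST
        exit;
    }
    header('Content-Type: application/json');
    echo json_encode(['account_id' => $value]);
} else {
    // Constructed sample input for a command-line run: the client copy
    // differs from what the server stored in the session.
    $session = ['account_id' => '1001'];
    $post    = ['account_id' => '9999'];
    var_dump(trusted_value($session, $post, 'account_id'));
}
```

The session cookie is sent with the AJAX request to the same site, so the endpoint needs nothing extra from the client to find the stored value.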
A: 

I am actually looking for an answer for your question.

But this is what I found: If the variable is on the session in the first page, this means that you can't call session_start() on the "ajax called" page. Unless there is some workaround I'm not aware of?