The Slim Framework support forum has moved to This Tender forum is no longer maintained or monitored.

Sessions: Cookies vs Server

dan's Avatar


27 Jan, 2012 07:12 PM

I'm curious to know which session storage method most developers prefer to use...

Slim (1.5.x) defaults to encrypted cookies, what are the pros and cons of this approach?

And why would someone prefer the PHP standard style of session_start() which stores them on the server?

  1. Support Staff 1 Posted by Josh Lockhart on 27 Jan, 2012 08:43 PM

    Josh Lockhart's Avatar

    Hi Dan,

    It's really up to you and depends entirely on the application. If you are dealing with sensitive information, store the data in PHP sessions server-side; never store sensitive data in HTTP cookies, encrypted or not.

    However, if you are dealing in non-sensitive information, you may find the HTTP session cookies to be convenient (and still secure for most purposes). Bear in mind that HTTP cookies are inherently limited to only 4 Kb of data, so if you are storing a lot of info, you'll need to use PHP sessions.

    Slim version 1.5.x and earlier always use HTTP cookies to store session data. Version 1.6.0 (currently in the develop branch) does not initiate a session for you. If you want to use PHP sessions, it is your responsibility to configure and start the PHP session before you instantiate the Slim application. If you want to use HTTP cookies, that feature has been abstracted into optional middleware which you can enable with $app->add('Slim_Middleware_SessionCookie') after you instantiate the Slim app.


  2. 2 Posted by Mark on 28 Jan, 2012 07:24 AM

    Mark's Avatar

    Is it possible to use HTML5 LocalStorage instead of (good olde) browser cookies via a different implementation of ('Slim_Middleware_SessionCookie') (Slim version 1.6+)?

    I realize that would create a HTML5 only solution... However, my mobile web app is completely HTML5-based and I am trying to get around the "iPhone 4 (Safari) accept cookies=off by default" problem.

    Thanks in advance for any suggestions.

  3. Support Staff 3 Posted by Josh Lockhart on 28 Jan, 2012 03:13 PM

    Josh Lockhart's Avatar

    @Mark Not that I am aware of. Bear in mind that cookie data is set server-side. HTML5 LocalStorage is set client-side.

  4. 4 Posted by clay on 30 Jan, 2012 06:52 PM

    clay's Avatar

    Congrats on a great piece of work.

    My question concerns sessions and probably arises from gaps in my knowledge.

    In the Version 1.5.0 Upgrade Notes, you say "changes to global data structures (ie. $COOKIE and $SESSION) will affect all applications."

    I'm confused about what "changes," "global," and "affect all applications," taken all together means.

    The statement seems to me to mean:

    given users B & C,

    if the user B session is set with $SESSION[1] = 2 then $SESSION[1] will be 2
    for all App users on

    for all App1 .. App(n) users on

    I hope this isn't a cringe-worthy question and I appreciate your feedback.


  5. Support Staff 5 Posted by Josh Lockhart on 30 Jan, 2012 06:57 PM

    Josh Lockhart's Avatar

    Likely poor word choice on my part. It is possible to instantiate multiple Slim apps in the same script (not that I recommend this at the current time). The statements I made that you quoted only concern that scenario — if you have multiple Slim apps in the same script, changes to superglobals will affect all Slim applications in the current script. That's all.

  6. 6 Posted by clay tyler on 30 Jan, 2012 07:11 PM

    clay tyler's Avatar

    Wow, that was a fast reply!

    Your answer is a big relief. I had gotten some tutorials picked out and got
    all set to read the docs and then ... whoa!

    Anyway ...

    This is the first framework I've set out to study so I expected I'd be
    confused about some things but yeah, what that sentenced seemed to say was
    enough to make me write what's probably my fourth forum post ever :)

    Well, thanks for getting me cleared up on that.

  7. Josh Lockhart closed this discussion on 30 Jan, 2012 07:12 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac