On Mon, 19 Dec 2016 12:35:26 +0100, Sönke Ludwig wrote:
There are some valid uses for simple applications. For example storing a
couple of small configuration settings (maybe a user-defined theme or
display mode, such as what the dlang.org forums allow).
If the data can be placed in a cookie - let's do it without using additional layers, imitating session. Explicit best implicit.
In general, decisions like this are are typical for early php. The vast experience of php community proved erroneousness of such an approach. This causes security problems, without giving a real benefits in the code.
It is much better to provide file-based session.