Which is better to pass PHP var in an AJAX call to another page: POST or via session?
in a php site i am creating i use a Prototype AJAX call to access another php page. This php page needs a variable that lives on the first page as a SESSION var (in the sense that it has been used multiple times on this page).
This is more of a curiosity than anything else, but: which of the two ways to pass our variable is preferable, if any:
- on the page being called, start a session and get the var you need there, or
- in the AJAX call, pass the session var on as a POST parameter
So, I'm curious if there is a higher "cost" for POSTing var between pages, compared to getting var from session (adding session_start (), etc.).
It is easy to group servers using the POST method because less state is saved on the server side, but at the expense of sending potentially sensitive data to the client.
With the Session method, there is less bandwidth between server and client, but it is more difficult to scale multiple front-end web servers.
source to share
I would say using a session.
You already have the overhead of sending the session id in the request header so you can use it. Having said that, it's not a huge overhead anyway, but none of them publish a small amount of data. To post data you need to have it on the client side, and if that's the only reason you have it on the client side, you are completely useless to open it up for spoofing.
Scalability between load balanced servers, if that turns out to be an issue, will still have to be handled if you are using sessions.
So if your sessions work, use them.
source to share