When to use URL / session / cookie variables?


I do a lot of php and javascript, but I think this is relatively language-agnostic question. Are there any best-practices for when to use each of:

  • URL variables
  • SESSION variables
  • cookies

I understand the inherent limitations of what some of them can't do, but it seems like their use can overlap sometimes, too, and those instances are what I'm really asking about.

EDIT Just to clarify: I'm pretty familiar with the technicalities of which method is stored where, and which the client/server can access. What I am looking for is something a little higher-level, like "temporary user settings should live in cookies, data state info should live on the server, etc..."


In general:

  1. Use URL (GET) parameters for sending simple request parameters to the server, eg. a search query or the page number in a product listing.

  2. Use session variables, as the name indicates, to store temporary data associated with a specific user session, eg. a logged-in user's ID or a non-persistent shopping cart.

  3. Avoid using cookies when possible. Use them sparingly to store settings that are tied to a particular computer / user profile, eg. a setting such as "remember my user ID on this computer".