Why do we store a random bigint for cookie id instead the sessionid?

Question

see function qa_db_cookie_create($ipaddress) and function qa_db_random_bigint()

I wonder why we do not directly store the session id as an identifier?

From my information, a cookie is created on each session by PHP automatically.

I think the sessionid would make more sense to identify events by anonymous users.

Answer 1

I'd say in all cases they should be interchangeable. In a really weird case in which a user migrates to a different server, session IDs will differ, but cookie IDs won't.

Aside from that, cookie IDs are generated by Q2A and they take 8 bytes (a MySQL big integer). However, PHP session IDs are more unpredictable, server-dependent and most likely would take more space.

For example, 5sd9ev06f3d2j35vgu1i5bri0i is a possible session ID. Those are 26 characters. Storing that would take 26 bytes, which will make searches less efficient.

Comments

Thanks for providing one reason. Efficiency and storage. Gracias :)

Answer 2

It is seemingly by design, if i am not mistaken. Php session is seldom used in q2a. Q2a uses its own simple cache mechanism. I think this kind of  architecture is pretty good