[FIXED] Why Prestashop doesn't use $_SESSION for session storage?

Issue

I noticed that Prestashop 1.5 doesn't use $_SESSION(I'm not sure whether other versions take same approach) anywhere in its core to store session data.

I'm really curious to find out why Prestashop developers decided against $_SESSION, and what was the design concerns that lead to this decision. Does it give considerable improvement in security or performance?

Solution

A session is usually short-lived (20 minutes or so) so they decided to use traditional cookies handled by the Cookie object to manage data stored during the user session. This type of storage is longer living.

Answered By - Jan Potužník

Answer Checked By - David Goodson (PHPFixing Volunteer)