In my opinion, sessionless design is more preferable:
Pros:
Cons:
So just save a small amount of data on the client side (cookies). Usually it's an authentication token (which is invalidated on password/email change) and some temporary data necessary to perform requests. All sensitive data is signed using MD5 hashes (depending on some secret information available only on the server side - e.g. salt which is a combination of hash of the password and email). So changed cookies on the client side are not a concern.
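
The idea of signing client-side data with a server-only secret, shown as an added example that is not part of the original answer: it uses HMAC-SHA256 in place of a salted MD5 hash and binds the token to the account's current password hash and email, so changing either invalidates it. `SERVER_SECRET`, `issue_cookie`, `verify_cookie`, `credential_tag` and the `lookup_user` callback are hypothetical names, and all sample values are constructed.

```python
import base64, hashlib, hmac, json, time

# Assumption: in a real deployment this comes from server-side configuration.
SERVER_SECRET = b"constructed-demo-secret"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(message: bytes) -> str:
    return b64e(hmac.new(SERVER_SECRET, message, hashlib.sha256).digest())

def credential_tag(password_hash: str, email: str) -> str:
    """Fingerprint of the account's current credentials; changes when either changes."""
    return mac(f"{password_hash}\x00{email.lower()}".encode())[:16]

def issue_cookie(user_id, password_hash, email, ttl=3600, now=None):
    issued = int(time.time() if now is None else now)
    payload = {"uid": user_id, "exp": issued + ttl,
               "cred": credential_tag(password_hash, email)}
    body = b64e(json.dumps(payload, sort_keys=True).encode())
    return f"{body}.{mac(body.encode())}"

def verify_cookie(cookie, lookup_user, now=None):
    """Return the user id for an authentic, unexpired, still-current cookie, else None."""
    try:
        body, sig = cookie.split(".")
        # Constant-time comparison; checked before the payload is parsed.
        if not hmac.compare_digest(mac(body.encode()), sig):
            return None
        payload = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None
    user = lookup_user(payload["uid"])  # -> (password_hash, email) or None
    current = time.time() if now is None else now
    if user is None or current > payload["exp"]:
        return None
    # A password or email change alters the tag, so older cookies stop verifying.
    if not hmac.compare_digest(payload["cred"], credential_tag(*user)):
        return None
    return payload["uid"]
```

The server stores nothing per session here; the only lookup is the user's current password hash and email, which is what makes the invalidation on credential change work.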