FROM THE TWIG DOCUMENTATION: 
(twig.screwdriver.net)


session handlers: 

get 
as it implies...appends the session array to your url on all links. 
The advantage is it is fast. The disadvantage is it is slow ;-)
(depending 
on the network load, type of client connection..ie dialup?) because 
the pages are quite a bit larger (at least 50%) due to the very long 
href strings. 

get2 
pretty much the same as get, slightly different hrefs. 

sqltable 
Session data is stored in sql table. This can be ok depending on 
how fast your database is. I found a somewhat noticeable delay in 
loading pages with my pgsql database (as it is configured on our
server). 

php4session 
This uses the session management features in PHP4. Data is stored
on your 
system according to how php is configured. I had some trouble with
this 
option and haven't gone back to it to debug the problem. Each link
contains 
a token for the session and a code for feature/function, making the
href's 
much shorter and thus the pages smaller. 

login handlers: 

cookie 
Stores login name and password in plain text in the browser's cookie.
Some 
would consider this insecure. 

sqltable 
Stores login name and password in plain text in a sql table. In some 
situations this can be very insecure. Especially if you get hacked and 
don't catch it quickly. 

base64cookie 
Same as cookie except it uses base64 encrytion. Security by
obscurity? 

php4session 
I'm not sure of all the rammifications and have tried this but not
checked 
it out completely. I believe that if you use files for session data (php4 
config) then you will have plain text passwords in those files. 

securecookie.sqltable 
Nice option. It encodes the password and splits it between the 
the client system and the server. Access to both client and server is 
necessary to derrive passwords. 

securecookie.php4session 
Similar to securecookie.sqltable except php4's session feature is used 
instead of the sql table. 

session 
This is a method that uses stores the login information in the session
data store, this should only be used with the sqltable session handler
and is less secure than the other system 
