Whether to store user information in sessions?

That is, duplicate data in database, by implementing their own mechansim store the session data? IMHO, not worth it, unless someone has very specific requirements — or pull the database on each request or pull them only for authentication and use standard tools sessions to save the collected data from DB for further use

1. Session data is temporary, that proceed from this.
2. The question, apparently, we are talking about persistent data — store them in user profiles in the database.
3. If you want to pull database, although there is nothing wrong, do the caching.
4. PHP has built-in session mechanism, your no need to invent. Bekende may be different files, database, memcached, you can implement your.

Why? If I am almost sure, the same data are stored in a table nearby. Keep only the information which allows to recognize the user and his unfinished session, and as a result and recover data in $_SESSION in Your application.

I think you in the right direction, that's just a session a bit wrong.
Why forget?
\r
Let's remember the cause-and-effect relationship: the Session is the object of someone of a particular user (previously authentifizierung), thus saving the user's data in session you violate cause and effect.
\r
I suggest to use the following:
To create a static class (I think this is possible in PHP. In .NET is responsible for this System.Threading.Thread.CurrentPrincipal). And the current user to put in the value of a property of a static class. (Yes, there is a possibility not authorized to substitute data, but on the other hand can be impersonalization (impersonation). And the value to organize as a structure that could be serialized.
\r
Serialization of this structure is necessary for what would then encrypt the result (there are nuances), and in view of the INDIVIDUAL Cookie to put on the user side. And when prompted to check the cookie's value, and restores the value of the property as aforesaid of a static class.
\r
This approach will simplify the user authentication after restarting the application (because the session is an object in memory).
\r
Important points:
1. Not proper use of encryption can lead to security issues (the value of an encrypted data, you can save and use again)
2. Not to forget about synchronization data and to consider the fact that during operation there may be times when data is out of synchronization
(Someone in the database has changed, and the user still uses the old dataset. Curing can login/logout, if you were straight).
\r
There are questions, please contact us.

Authorized is Received from the database all the necessary information — Recorded them in $_SESSION Until the user logs off from the site pull $_SESSION