Whether to store user information in sessions?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/code-flow.club/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
6 views
And actually the question of how best to do it.

Ie for example I autoritou user on the website, create the session and its ID written in the cookie.

Further, the user has a lot of information, login ID, ID, ID, all cities, countries and regions of residence, his mail, Telefon, etc can be stored in multiple tables. Access to this data is required if not on every page very often and everywhere to pull MySQL selecting data, albeit universal, not very much.

The question arises, whether to store the whole packet data tying them to the sessions and how to make it more versatile in order to then easily pull this data.

Ie to write to the table:

session_id | serialize_data

or otherwise somehow?

All your favorite PHP )
by | 6 views

5 Answers

0 like 0 dislike
That is, duplicate data in database, by implementing their own mechansim store the session data? IMHO, not worth it, unless someone has very specific requirements — or pull the database on each request or pull them only for authentication and use standard tools sessions to save the collected data from DB for further use
by
0 like 0 dislike
1. Session data is temporary, that proceed from this.
2. The question, apparently, we are talking about persistent data — store them in user profiles in the database.
3. If you want to pull database, although there is nothing wrong, do the caching.
4. PHP has built-in session mechanism, your no need to invent. Bekende may be different files, database, memcached, you can implement your.
by
0 like 0 dislike
Why? If I am almost sure, the same data are stored in a table nearby. Keep only the information which allows to recognize the user and his unfinished session, and as a result and recover data in $_SESSION in Your application.
by
0 like 0 dislike
I think you in the right direction, that's just a session a bit wrong.
Why forget?
\r
Let's remember the cause-and-effect relationship: the Session is the object of someone of a particular user (previously authentifizierung), thus saving the user's data in session you violate cause and effect.
\r
I suggest to use the following:
To create a static class (I think this is possible in PHP. In .NET is responsible for this System.Threading.Thread.CurrentPrincipal). And the current user to put in the value of a property of a static class. (Yes, there is a possibility not authorized to substitute data, but on the other hand can be impersonalization (impersonation). And the value to organize as a structure that could be serialized.
\r
Serialization of this structure is necessary for what would then encrypt the result (there are nuances), and in view of the INDIVIDUAL Cookie to put on the user side. And when prompted to check the cookie's value, and restores the value of the property as aforesaid of a static class.
\r
This approach will simplify the user authentication after restarting the application (because the session is an object in memory).
\r
Important points:
1. Not proper use of encryption can lead to security issues (the value of an encrypted data, you can save and use again)
2. Not to forget about synchronization data and to consider the fact that during operation there may be times when data is out of synchronization
(Someone in the database has changed, and the user still uses the old dataset. Curing can login/logout, if you were straight).
\r
There are questions, please contact us.
by
0 like 0 dislike
Authorized is Received from the database all the necessary information — Recorded them in $_SESSION Until the user logs off from the site pull $_SESSION
by

Related questions

0 like 0 dislike
6 answers
0 like 0 dislike
2 answers
0 like 0 dislike
2 answers
0 like 0 dislike
1 answer
0 like 0 dislike
2 answers
110,608 questions
257,186 answers
0 comments
23,074 users