How is the user's session properly checked?

W

w_b_x2018-02-13 22:15:51

PHP

w_b_x, 2018-02-13 22:15:51

Good time, dear toaster!
Sessions are on my cookies, when registering, a user is created in the mysql database, with a hash, salt and a session that is created like this: md5(user_id + mail + salt) , the user is assigned in cookies:
User_id - record id from the
Session database - actually the md5 string ( user_id + mail + salt)
Question:
When navigating through the pages, you need to check whether the user has valid data and therefore access the database. I don’t want to load it once again, how to do it the right way? Can make a hash that can be verified without a db? (ala user_id+public_key (hanging in cookies) +private_key (known only to the server to authenticate the first two keys). Is it safe to do this? How do you do it?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Entelis, 2018-02-13
@w_b_x

1. You still need to make 5 - 10 - 100 requests to the database to assemble the page.
Another extra request does not play a role at all.
2. If the project is very loaded, it is quite appropriate to move the storage of these tokens to some redis.