PHP
NeoCode, 2016-05-22 23:26:34

Is it reasonable to store sessions in a database?

I'm learning PHP, in particular user authentication / authorization, and I thought about this question. The commonly accepted method of authorization seems to be sessions. By default, sessions are stored in files on disk. Different sources on the Internet have different opinions about whether this is good or bad: some think that this is a standard solution and therefore good; others point out potential security and performance issues. They also mention multi-server organization, something about file locks (I haven't figured that out yet), etc.
But I'm interested in the following. I would like to display a list of online users and, in general, be able to see which users are online now and when they last accessed the site. Obviously, to do this, you can simply write the time of the last access into the user table (by the way, this can be stored either in the MySQL database or in some kind of fast key-value storage). This can be linked to sessions, or it can be left unlinked. The tasks are very close, so the question is: how would you do it and why?


3 answer(s)
IceJOKER, 2016-05-22
@IceJOKER

Sessions and the list of online users are somehow not connected. To show the list of online users, you need to update the last call to the server, and then you can display those online within the last 15 minutes (in VK it seems to work like this).
As for sessions, they are stored on the server and there is no access to them from the outside, and if someone does get access to them, then I suppose they will also get access to the database, so the security issue is the same here)

spotifi, 2016-05-22
@spotifi

It depends on the load. It depends on your capabilities (whether you can configure the server yourself the way it should be).
I would store sessions in Tarantool. It is an in-memory DBMS that flushes to disk.
It was created at Mail.RU primarily for storing sessions.

Alexey Nikolaev, 2016-05-22
@Heian

"potential security and performance issues"

It's petty, and what is usually written by programmers is much more dangerous.
I would store session IDs in the database. Is that also what you mean by "storing sessions in a DB"?
If yes, then it is advisable if the functionality of the site requires it. It is quite possible to identify users who are not logged in by session, and thus store, based on the session, a list of goods in the basket, or, in your case, the last call to the server.
In the case of logged-in users, I don't see much point in storing sessions in the database.
If not, then it's pointless 99% of the time for the reasons noted above.
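
One way to combine the ideas in the answers above (session rows kept in the database, and "online" meaning a request within the last 15 minutes), as an added example that is not code from any of the posters. It assumes PHP 8 with the pdo_sqlite extension; the `sessions` table layout, the `user_id` session key and the names `DbSessionHandler` and `onlineUsers` are hypothetical. The table is keyed by a SHA-256 of the session ID, so read access to the database does not hand out usable session cookies.

```php
<?php
// Added example, not code from the thread. Assumes PHP 8 + pdo_sqlite; table layout and 'user_id' key are assumptions.
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}
    // The raw session ID never reaches the table: a leaked row cannot be replayed as a cookie.
    private function key(string $id): string { return hash('sha256', $id); }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        $q = $this->db->prepare('SELECT data FROM sessions WHERE id = ?');
        $q->execute([$this->key($id)]);
        return (string) $q->fetchColumn();   // no row yet -> false -> '' (empty session)
    }
    public function write(string $id, string $data): bool
    {
        // Runs when the session is closed on each request, so last_seen is the time of the last call.
        $q = $this->db->prepare('REPLACE INTO sessions (id, user_id, data, last_seen) VALUES (?, ?, ?, ?)');
        return $q->execute([$this->key($id), $_SESSION['user_id'] ?? null, $data, time()]);
    }
    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$this->key($id)]);
    }
    public function gc(int $max_lifetime): int|false
    {
        $q = $this->db->prepare('DELETE FROM sessions WHERE last_seen < ?');
        $q->execute([time() - $max_lifetime]);
        return $q->rowCount();
    }
}

// Logged-in users seen within the window (900 s = the 15 minutes mentioned above), as user_id => last_seen.
function onlineUsers(PDO $db, int $window = 900): array
{
    $q = $db->prepare('SELECT user_id, MAX(last_seen) FROM sessions
                       WHERE user_id IS NOT NULL AND last_seen >= ? GROUP BY user_id');
    $q->execute([time() - $window]);
    return $q->fetchAll(PDO::FETCH_KEY_PAIR);
}

$db = new PDO('sqlite::memory:');   // constructed demo: in-memory SQLite stands in for the real database
$db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, user_id INTEGER, data TEXT, last_seen INTEGER)');
session_set_save_handler(new DbSessionHandler($db), true);
session_start();
$_SESSION['user_id'] = 42;          // constructed value standing in for a successful login
session_write_close();
print_r(onlineUsers($db));
```

Rows with a NULL `user_id` are anonymous sessions (for example a basket), which the online list skips.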
