PHP
vitovt, 2010-09-30 00:23:22

Should I store user data in sessions?

And the real question is how best to do it.

I.e., for example, I authorize the user on the site, create a session and write its ID to the cookie.

Further, the user has a bunch of data: his login, ID, the IDs of all cities, countries and areas of residence, his mail, phone, etc. All this can be stored in several tables. Access to this data is needed, if not on every page, then very often and everywhere, and hitting MySQL to select the necessary data, albeit in a universal way, is not very desirable.

The question arises whether it is worth storing the entire bundle of data by binding it to sessions, and how to make this more universal, so that later it is easy to pull this data out.

I.e., write to the table:

session_id | serialize_data

or otherwise somehow?

All in your favorite PHP)

5 answer(s)
Vladimir Chernyshev, 2010-09-30
@VolCh

That is, to duplicate data in the database by implementing your own mechanism for saving session data? IMHO, it's not worth it if there are no very specific requirements: either query the database with each request, or query it only during authentication and use the standard session tools to save the data received from the database for further use.

yaidiot, 2010-09-30
@yaidiot

1. Session data is temporary, build on that.
2. The question, apparently, is about permanent data: store it in user profiles in the database.
3. If you do not want to hit the database every time, although there is nothing wrong with that, do caching.
4. PHP has a built-in session mechanism, you don't need to invent your own. Backends can be different - files, databases, memcached, you can implement your own.

schursin, 2010-09-30
@schursin

What for, if, I'm pretty sure, the same data is stored in a table nearby? Store only the information that will allow you to recognize the user and his unfinished session and, as a result, restore the data in $_SESSION of your application.

Angelina_Joulie, 2010-09-30
@Angelina_Joulie

You are thinking in the right direction, only you made a mistake with the session.
Why forgot?
Let's remember the cause-and-effect relationship: A session is an object of a specific user (previously authenticated), so by storing user data in the session, you violate cause and effect.
I suggest using the following:
Create a static class (I think this is possible in PHP. In .NET, System.Threading.Thread.CurrentPrincipal is responsible for this). The data of the current user is put into the value of a property of the static class. (Yes, there is the possibility of unauthorized data substitution, but on the other hand, impersonation can be carried out.) And the value itself can be organized as a structure that can be serialized.
The serialization of this structure is necessary in order to encrypt the result after that (there are some nuances there) and put it on the user's side as a SEPARATE Cookie. And when requested, check the value of the cookie, and restore the value of the property of the above static class.
This approach will make it easier for you to authenticate the user after restarting the application (after all, the session is an object in memory).
Important points:
1. Incorrect use of encryption can lead to security problems (the value of encrypted data can be saved and reused).
2. Do not forget about data synchronization and take into account the fact that during operation there may be moments when data is out of sync.
(Someone has already changed it in the database, and the user is still using the old data set. This can be cured with login / logout, if you go at it head-on.)
There will be questions, please contact.
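
Added example, not part of the answer above: one way to do the serialize, encrypt and store-in-a-cookie step in PHP with libsodium's secretbox, keeping an expiry inside the sealed value so that a saved cookie stops being accepted after the TTL. The function names, `PROFILE_TTL` and the sample profile are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: profile snapshot sealed into a cookie value with libsodium
// secretbox (authenticated encryption, bundled with PHP >= 7.2).
const PROFILE_TTL = 900; // assumed policy: snapshot is valid for 15 minutes

function seal_profile(array $profile, string $key, int $now): string
{
    // The expiry is inside the ciphertext, so the client cannot extend it.
    $payload = json_encode(['exp' => $now + PROFILE_TTL, 'data' => $profile], JSON_THROW_ON_ERROR);
    $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($payload, $nonce, $key));
}

function open_profile(string $cookie, string $key, int $now): ?array
{
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // malformed value
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        return null; // modified, or sealed under a different key
    }
    $payload = json_decode($plain, true);
    if (!is_array($payload) || !is_array($payload['data'] ?? null)
        || !is_int($payload['exp'] ?? null) || $payload['exp'] < $now) {
        return null; // expired or unexpected shape: reload from the database
    }
    return $payload['data'];
}

// Constructed sample run.
$key    = sodium_crypto_secretbox_keygen(); // in practice a persistent server-side secret
$now    = time();
$cookie = seal_profile(['id' => 42, 'login' => 'demo', 'city_id' => 7], $key, $now);

$tampered = base64_decode($cookie);
$tampered[30] = chr(ord($tampered[30]) ^ 1); // flip one bit after the nonce
$tampered = base64_encode($tampered);

foreach (['fresh' => [$cookie, $now], 'tampered' => [$tampered, $now],
          'saved and reused later' => [$cookie, $now + PROFILE_TTL + 1]] as $label => [$value, $at]) {
    printf("%-24s %s\n", $label, open_profile($value, $key, $at) === null ? 'rejected' : 'accepted');
}
```

The same TTL bounds both important points from the answer: how long a saved cookie can be reused, and how long the snapshot can lag behind the database before it is reloaded.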

Nikolai Vasilchuk, 2010-09-30
@Anonym

Authorized - Received all the necessary data from the database - Recorded it in $_SESSION - Until the user leaves the site, pull from $_SESSION
