Reputation: 2434
I am building a small application that users can log into using CodeIgniter
My question is, when a user logs in, is it advisable to store a lot of the user's personal information in the session (like their user id, name, email and telephone number)? Or should I try to leave personal information out and just keep their user id in the session only?
I don't want to have to make database queries constantly to get some of the user's basic information.
Update
I will be using a database to store all their information, I just want to know when they log in, is it advisable to keep their data stored in a session as well as the database?
Thanks
Upvotes: 4
Views: 3637
Reputation: 650
I'm not sure there is a right answer to this.
Storing data in the session is a wonderful trick, allowing easy access, but remember that depending on how you are writing the session data for persistence, you are still necessitating either the reading of a file, or a database to get the session data back!
Usually I store very basic information about the user, and their current session, in the session data. It is all data that is pulled from the database, stored in the session temporarily, and the session being blown away doesn't have any real effect, because they will be forced to log back in, and I will repopulate the data from the database.
The specific information you listed above should be safe.
Before storing too much personal information though, make sure you understand the potential security issues around sessions. This SO question has some good information: PHP Session Fixation / Hijacking
Upvotes: 2
Reputation: 1629
You should only keep temporary data in sessions that tracks the current user. Anything else should stay hidden in the database until it's needed.
Upvotes: 6
Reputation: 8201
The session is not a reliable place to store data. Any time a user logs out (or just leaves their computer for an hour), their session is erased. Any information that you need to retain should be stored in a persistent data store (usually a database). The session is for information that is related to the user's current interaction with your site. That can include things like the user id of the logged-in user, flashes (one-time alerts that are shown on the next request, then erased), etc.
Basically, only store things in the session that you don't care about losing.
Also, don't worry about making database queries. You can deal with that later - if and when it becomes a real problem.
Upvotes: 2
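The pattern the answers converge on (keep only the user id in the session, regenerate the session id at login to counter fixation, and reload the profile from the database when a request needs it) as an added example. This is not code from the question, the answers, or CodeIgniter itself; it uses plain PHP native sessions and PDO so it maps onto any framework's session library. The `users` table with columns `id`, `name`, `email`, `telephone` and `password_hash`, and the `$pdo` connection, are assumptions for the example.

```php
<?php
// Added example (not from the original Q&A or from CodeIgniter): the session
// holds only the user id; everything else is read from the database on demand
// and cached for the duration of one request.
// Assumed schema: users(id, name, email, telephone, password_hash).
declare(strict_types=1);

final class UserSession
{
    private PDO $pdo;
    private ?array $cache = null; // per-request profile cache

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    /** Verifies credentials and, on success, stores only the user id in the session. */
    public function login(string $email, string $password): bool
    {
        $stmt = $this->pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
        $stmt->execute([$email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row === false || !password_verify($password, (string) $row['password_hash'])) {
            return false;
        }

        // Issue a fresh session id on privilege change so an id handed out
        // before login cannot be reused (the fixation issue linked above).
        session_regenerate_id(true);
        $_SESSION = ['user_id' => (int) $row['id'], 'logged_in_at' => time()];
        $this->cache = null;
        return true;
    }

    /** Clears the session server-side and expires the session cookie. */
    public function logout(): void
    {
        $_SESSION = [];
        $this->cache = null;
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }

    /**
     * Returns the logged-in user's profile, or null when nobody is logged in.
     * The database is queried at most once per request, which answers the
     * "constant queries" concern without copying personal data into the session.
     */
    public function currentUser(): ?array
    {
        if ($this->cache !== null) {
            return $this->cache;
        }
        if (empty($_SESSION['user_id'])) {
            return null;
        }
        $stmt = $this->pdo->prepare('SELECT id, name, email, telephone FROM users WHERE id = ?');
        $stmt->execute([(int) $_SESSION['user_id']]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            // Account removed or disabled since login: the session is stale.
            $this->logout();
            return null;
        }
        return $this->cache = $user;
    }
}

// Constructed usage: session_start() must run before any of the calls below.
// session_start();
// $auth = new UserSession($pdo);
// if ($auth->login($_POST['email'] ?? '', $_POST['password'] ?? '')) { /* redirect */ }
// $user = $auth->currentUser(); // first call queries, later calls use the cache
```

Because the session carries nothing but an id, a leaked or expired session exposes no name, email or telephone number, and a profile edit takes effect on the next request without any "refresh the session" step; the one query per request is the cost of that, which is the trade-off the last answer above suggests accepting until it is measurably a problem.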