OM The Eternity
Reputation: 16234
Is it a good practice to carry DB values in session variable or in a cookie?
Is it a good practice to carry DB values in session variable or in a cookie?
Upvotes: 0
Views: 112
Answers (2)
zaf
Reputation: 23264
It all depends on what these values are and/or the quantity of data.
For example, You wouldn't store a password or a huge BLOB of data in a cookie.
Sticking with a session id in the cookie is usually the best practice.
Upvotes: 0
Arkh
Reputation: 8459
It's a usual practice to save some values as session variables (like the user ID), not in cookie as a cookie can be changed by the user. Just remember to regenerate the session ID when your user's rights changes (login, logout, goes on admin page etc.) to avoid session hijacking problems.
Upvotes: 3
Related Questions
- Storing user session variables in file vs in database
- Where to store information using php - Best Practice
- save basic information in a cookie or get in mysql all the time?
- Should I store non-sensitive info in database or cookie for reducing load time?
- $_SESSION, wise to use to hold data?
- PHP, which is the better way between storing data into session and database?
- What to store in a session
- session variables vs database
- Good practice for storing and retrieving session values in PHP
- Cache data in PHP SESSION, or query from db each time?