Zach Abrams

Reputation: 93

PHP storing db credentials in session

Using PHP, is it alright to store database credentials in $_SESSION? I am looking for a way to avoid including config files every time I need to use config vars.

Upvotes: 0

Views: 95

Answers (1)

GrumpyCrouton

Reputation: 8621

I would suggest sticking with the config file, as it allows changes in real time: if you change the config, this data will change instantly for any users that are online, whereas sessions would have to be set again every time it's changed. Always including a config may be easier than you think.

You can include a file using a path from your directory root, like this:

<?php 
   include_once $_SERVER['DOCUMENT_ROOT']."/path/to/config.php";
?>

Where the path should be from your document root, basically from the root of your project. A lot of the time people keep this file in their root, so if your config file is at http://example.com/config.php, using this include will load it from any PHP file in your project:

<?php 
   include_once $_SERVER['DOCUMENT_ROOT']."/config.php";
?>

Also, as Qirel mentioned:

The config should be stored outside the public folders - only accessible by the server (and not directly in the browser).

Upvotes: 1
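
One way to follow the advice above (config outside the public folder, no credentials in `$_SESSION`) without a scattered include in every script, as an added example that is not part of the original answer. The `app_config()` helper, the `public/` and `private/` directory names and the sample credentials are assumptions constructed for illustration; `str_starts_with()` requires PHP 8.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not code from the question or answer.
// Loads settings once per request from a file kept outside the web root.
function app_config(string $file, ?string $docRoot = null): array
{
    static $cache = [];

    $real = realpath($file);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException("Config not found or unreadable: $file");
    }
    if (isset($cache[$real])) {
        return $cache[$real];               // later calls cost no file I/O
    }

    // Refuse a config file located where the web server could serve it.
    $root = $docRoot ?? ($_SERVER['DOCUMENT_ROOT'] ?? '');
    $rootReal = $root === '' ? false : realpath($root);
    if ($rootReal !== false
        && str_starts_with($real, rtrim($rootReal, '/\\') . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException("Config is inside the document root: $real");
    }

    $settings = require $real;              // the file ends with: return [...];
    if (!is_array($settings)) {
        throw new UnexpectedValueException("Config must return an array: $real");
    }
    return $cache[$real] = $settings;
}

// Constructed demo layout in a temp directory; all values are sample data.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfgdemo_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0700, true);
mkdir("$base/private", 0700);
$body = "<?php return ['db' => ['dsn' => 'mysql:host=localhost;dbname=app', "
      . "'user' => 'app', 'pass' => 'sample-only']];";
file_put_contents("$base/private/config.php", $body);
chmod("$base/private/config.php", 0600);   // readable by the owning user only
file_put_contents("$base/public/config.php", $body);

$cfg = app_config("$base/private/config.php", "$base/public");
echo "loaded DSN: {$cfg['db']['dsn']}\n";

try {
    app_config("$base/public/config.php", "$base/public");
} catch (RuntimeException $e) {
    echo "refused: {$e->getMessage()}\n";
}
```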
