Session vs. Database Query [closed]

0

Well, I'm in doubt here.

Inside my control panel, I will need to get the user id, email, password (just to change password) name, name, etc ... Ideally it would save this all in one session at the time of login or always I need this, do I refer this directly to the database?

Please do not consider this as a question that will have an answer based on opinions. I really need this push to be able to continue my project!

Thank you.

    
asked by anonymous 18.12.2017 / 16:24

1 answer

2

There are problems storing lots of data in sessions.

One of them is server performance. Each session that you create in php has its content serialized and when the conversion is done this generates a cost. If you have multiple sessions to be deserialized you increase this cost. And there you add it to many users browsing your page at the same time ...

Another thing is security. There is an attack called Sesssion Hijacking that tries to catch the cookies created by the server. So if you just do not do a check or authentication with the bank on every user request on your site, your application is very vulnerable.

The ideal is to create a session with a hash of an id and retrieve the information in that user's database.

    
18.12.2017 / 18:28