Why is it good save to save sessions in the database?
It doesn't improve security in any way.
The most common and reasonable pattern to store sessions in database is when you have several frontend servers, so you need a shared session storage for them.
For downvoters: a file in filesystem isn't less secured than a record in database.
Is it a good practice to save an object in a session?
There are few things you need to consider while you deal with session.
You should not store vary large values in session.
i think this is not a problem in your case as preferences are usally small enough.
When you store object in session. you might not get realtime updates. as for example lets say same user is logged in using two separate browsers and/or machines and modify preferences in one. in this case other one will not have the updated customization. its not a big problem but depends on your requirements.
I don't see any other problem here. in fact its valid and good solution to store small values in session and avoid db queries.
Why we need to store session in database codeigniter 3.0?
There is no big deal with it. It means there is no any Security Reason for it
Main purpose of this is store user logins, and managing those.
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(40) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
PRIMARY KEY (id),
KEY `ci_sessions_timestamp` (`timestamp`)
timestamp will gather the user logging time. So you can get detail about how many time user log in to site
Codeigniter Store Session
why is it good save session in database
what's the best way to save sessions in a database?
I use DB sessions all the time with Zend and Symfony so its definitely viable, there will be a cost of course but most likely nothing significant.
Normally the way these handlers work is to use
session_set_save_handler that way it works as normal except for the actual function called which writes the data. However pay attention to the warnings about object destruction.
Trade off between user data in session vs database?
If the data you're talking about is being used on each and every page load then storing it in the session will likely be OK. If most of this data is not used on every page load, then storing it in the DB (I.E., running queries every time) is likely the way to go. You can also use a session cache (something like memcache) to query the data 1 time per session, then grab from cache the next time. The problem with storing stuff in session is that each and every pageload this data is in memory, which, if it's a significant amount of data, can severely effect the load on your server if you have a lot of connections or long running connections.