Why Is It Good Save to Save Sessions in the Database

Why is it good save to save sessions in the database?

It doesn't improve security in any way.

The most common and reasonable pattern to store sessions in database is when you have several frontend servers, so you need a shared session storage for them.

For downvoters: a file in filesystem isn't less secured than a record in database.

Is it a good practice to save an object in a session?

There are few things you need to consider while you deal with session.

  1. You should not store vary large values in session.
    i think this is not a problem in your case as preferences are usally small enough.

  2. When you store object in session. you might not get realtime updates. as for example lets say same user is logged in using two separate browsers and/or machines and modify preferences in one. in this case other one will not have the updated customization. its not a big problem but depends on your requirements.

I don't see any other problem here. in fact its valid and good solution to store small values in session and avoid db queries.

Why we need to store session in database codeigniter 3.0?

There is no big deal with it. It means there is no any Security Reason for it

Main purpose of this is store user logins, and managing those.

CREATE TABLE IF NOT EXISTS `ci_sessions` (
        `id` varchar(40) NOT NULL,
        `ip_address` varchar(45) NOT NULL,
        `timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
        `data` blob NOT NULL,
        PRIMARY KEY (id),
        KEY `ci_sessions_timestamp` (`timestamp`)
);

Ex :timestamp will gather the user logging time. So you can get detail about how many time user log in to site

Codeigniter Store Session

why is it good save session in database

what's the best way to save sessions in a database?

I use DB sessions all the time with Zend and Symfony so its definitely viable, there will be a cost of course but most likely nothing significant.

Normally the way these handlers work is to use session_set_save_handler that way it works as normal except for the actual function called which writes the data. However pay attention to the warnings about object destruction.

Trade off between user data in session vs database?

If the data you're talking about is being used on each and every page load then storing it in the session will likely be OK. If most of this data is not used on every page load, then storing it in the DB (I.E., running queries every time) is likely the way to go. You can also use a session cache (something like memcache) to query the data 1 time per session, then grab from cache the next time. The problem with storing stuff in session is that each and every pageload this data is in memory, which, if it's a significant amount of data, can severely effect the load on your server if you have a lot of connections or long running connections.


Related Topics

How to Use Echo Inside Echo

Clean Way to Throw PHP Exception Through Jquery/Ajax and JSON

Need Guidance to Start with Zend Acl

Natural Sorting Algorithm in PHP with Support for Unicode

Cosine Similarity VS Hamming Distance

Sending Messages from PHP to Node.Js

Phpmailer Sending Mail to Spam in Hotmail. How to Fix

Pdo::Exec() or Pdo::Query()

How to Give Apache Permission to Write to Home Directory

PHP Sessions to Authenticate User on Login Form

Differencebetween Is_A and Instanceof

Using Xampp, How to Swap Out PHP 5.3 for PHP 5.2

How Add Custom Validation Rules When Using Form Request Validation in Laravel 5

How to Minify Js in PHP Easily...Or Something Else

How to Retrieve All Variables from a Twig Template

Currency Conversion Using PHP

Getenv() VS. $_Env in PHP

Is an X-Requested-With Header Server Check Sufficient to Protect Against a Csrf for an Ajax-Driven Application


Leave a reply



Submit