I have a login system where a user can check the “Remember me” option. When the user checks that option, I store the session_id into a cookie and write his session_id, IP, browser info, etc. into a database session table. So when the user comes back, I make sure the cookie has not been faked based on the session_id/IP/browser/etc. that is stored in the session table.
Now that seems like it might be a lot of overhead and db writing. Is there a better and secure way to do it without so much overhead?
It’s a trade-off: when the data is not being stored in a database, it ends up hitting the server’s local filesystem where PHP stores the session data. Phrased a different way: what is slower? One random-access database hit or one random-access disk hit?
I find storing the session to the database to be a more elegant solution as it’s easier to track users and their sessions than guessing based on file system contents. It also allows you to manually log off a user at any point or simulate logon sessions (one time password resets).
If you’re using MySQL, set engine for the “session” table you’re using to MEMORY and you’ll always have an extremely fast lookup that shouldn’t affect user experience.
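The table-backed “remember me” check that the question describes and the answer endorses, as an added example that is not code from either poster. It is written in Python against an in-memory SQLite table standing in for the database session table (the table and the sample client values are constructed for the example), and it departs from the question's design in one place: the cookie carries a dedicated random token rather than the session_id, and the table stores only a SHA-256 of that token, so a dumped table does not yield working cookies. Validation binds the token to the IP and user agent recorded at issue time, and the per-user revoke implements the “manually log off a user at any point” behaviour the answer mentions.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time


def open_store():
    """Create the session table. In-memory SQLite is a stand-in (constructed
    for this example) for the MySQL MEMORY table suggested in the answer."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE session (
               token_hash TEXT PRIMARY KEY,
               user_id    INTEGER NOT NULL,
               ip         TEXT    NOT NULL,
               user_agent TEXT    NOT NULL,
               expires_at INTEGER NOT NULL)"""
    )
    return conn


def _hash_token(token):
    # Only the hash of the cookie value is stored; the raw token lives
    # solely in the user's cookie.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_remember_me(conn, user_id, ip, user_agent, ttl=30 * 86400, now=None):
    """Create a remember-me row and return the value to set in the cookie."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    conn.execute(
        "INSERT INTO session VALUES (?, ?, ?, ?, ?)",
        (_hash_token(token), user_id, ip, user_agent, int(now + ttl)),
    )
    return token


def validate_remember_me(conn, token, ip, user_agent, now=None):
    """Return the user_id the cookie belongs to, or None if it is unknown,
    expired, or presented from a different IP / browser than it was issued to."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT user_id, ip, user_agent, expires_at FROM session WHERE token_hash = ?",
        (_hash_token(token),),
    ).fetchone()
    if row is None:
        return None
    user_id, stored_ip, stored_ua, expires_at = row
    if now > expires_at:
        revoke(conn, token)  # drop stale rows as they are encountered
        return None
    # Constant-time comparison of the client-binding attributes.
    same_ip = hmac.compare_digest(stored_ip.encode(), ip.encode())
    same_ua = hmac.compare_digest(stored_ua.encode(), user_agent.encode())
    if not (same_ip and same_ua):
        return None
    return user_id


def revoke(conn, token):
    """Invalidate a single cookie (e.g. on explicit logout)."""
    conn.execute("DELETE FROM session WHERE token_hash = ?", (_hash_token(token),))


def revoke_all_for_user(conn, user_id):
    """Force-logout every remembered device of a user; returns rows removed."""
    return conn.execute("DELETE FROM session WHERE user_id = ?", (user_id,)).rowcount


if __name__ == "__main__":
    db = open_store()
    cookie = issue_remember_me(db, 42, "203.0.113.7", "ExampleBrowser/1.0")
    print(validate_remember_me(db, cookie, "203.0.113.7", "ExampleBrowser/1.0"))
    print(validate_remember_me(db, cookie, "203.0.113.7", "OtherBrowser/2.0"))
```

One caveat on the IP binding shown here: clients on mobile or behind rotating proxies change addresses often, so binding strictly to the IP will log those users out; the user-agent check and the hashed token carry most of the value, and the IP can be relaxed to a prefix match if that becomes a support problem.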