I’m building a basic application and I’m trying to figure out how I can pass the user information from login.php to index.php. Here’s what I got so far: I have a login page that submits and authenticates the user through the database through a user class. After that, the user properties are set to the values that are returned from the database. From there the id is stored in a session. How would I go about accessing user information from page to page? Should I just build a construct method to query the database with the session id? Is that a safe or valid approach? An example would be Stack Overflow, the way you can see your username at the top of every page.
Sounds like you have the general idea of session handling down. So you’re just asking what method is secure, or optimized or whatever.
It is common to store as little info in the session or cookie as possible so you don’t open your users up to simple fishing hacks. So ideally that means you have a session table in the database that you can cross reference with the session id.
Yes, you would run a query on every page load, but that’s not really that much overhead on a standard site. And it is not insecure so long as you properly sanitize your input. That way you won’t be brought down if the user manipulates their session info.
Alternatively, if you’re just using the user id and a username, you can safely store those in the session and avoid a query on every page load. Just don’t go nuts filling session or cookie data up with extremely long arrays filled with uncommonly used information.
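The flow discussed above, as an added example that is not part of the original question or answer: login.php keeps only the user id in the session, and index.php looks the user up again with a prepared statement on each page load. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
session_start();

// Constructed demo data: an in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// login.php side (hypothetical helper): authenticate, then store only the user id.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id after login (blocks fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// index.php side (hypothetical helper): reload the user on every page load.
function current_user(PDO $db): ?array
{
    $id = $_SESSION['user_id'] ?? null;
    if (!is_int($id)) {
        return null;                         // not logged in, or unexpected session content
    }
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = ?');
    $stmt->execute([$id]);                   // bound parameter, never string concatenation
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    return $user === false ? null : $user;   // null if the account no longer exists
}

if (login($db, 'alice', 'correct horse')) {
    $user = current_user($db);
    // Escape on output so a stored username cannot inject markup into the page header.
    echo 'Logged in as ', htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```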