Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m trying to figure out if it is better to store my user’s data in a session cookie (like password, username, etc), and update that cookie only when I change the MYSQL database from my PHP,
OR
Store the user’s username and user ID in a session cookie and reach out to the MYSQL database every time I need to get the user’s data.
Which one is the better method..? I’ve never actually set up a login system so any advice would be much appreciated.
A session and a cookie aren’t the same. A session simply stores its session ID in a cookie (client-side) and all the session data on the server. I presume you really meant session where you used the word ‘cookie’.
Moving ahead to answer your actual question, it’s perfectly fine and safe to store most user details in the session. You should never need to store the password in a session though, since you use it only for authentication. Apart from that, it’s ideal to cache frequently used user data (things that you may display on every page) in your session to save trips to the DB.
The concern that Chris mentioned – changes to user data – is almost non-existent, because user data will (should) not be modified by anyone except the user himself, in which case you can update the session along with the DB.