The main concerns I have with passing the info via sessions are:
How much info can one pass via sessions effectively?
And is it really the benefit that it seems to be in my head?
Thanks!
IamStang
yes, it really is
questions though
1. is this for a logged in section of the site?
2. how much data are we talking?
3. is this user specific data?
as an aside, I had a slow sign up page once and I couldn't figure it out. I started dumping vars trying to figure out what the genius programmer before thought was a good idea.
It seems his great idea was to stuff the full text of the User Agreement into the session once they agreed to it.
Once I stopped storing 60,000 chars into the session the signup process was lightning fast.
So sessions can take quite a bit ;)
And to jatar_k:
1. is this for a logged in section of the site?
2. how much data are we talking?
3. is this user specific data?
1 ... Yes
2 ... I am not completely sure as the whole of the code is not complete but would probably be around 150-200 characters.
3 ... Yes. However, none of the info is considered to be a security risk (i.e., no passwords, etc.).
Thanks for your time folks!
IamStang
>> Why would 60kb of session data slow you down that much?
they were reading the file into a var then outputting that var and also popping it into the session. They were dealing with the same chunk of data about five times, fools.
so logged in section
very small amount of data
user specific - I asked mainly because if it is site wide info then there is no point lugging it around in the session. Good call about the security but it isn't really too much of an issue, session info is stored on your server.
populate the session with the most common data that will be needed across the site at login. Users expect to wait a moment or two when they login to a site. Doing work at that time to speed up the rest of the site makes a lot of sense. Though stay away from data or information that is only needed in a small portion of the site or a single script, use a db hit there to grab that info.
Remember to make sure your sessions time out and to watch for session hijacking
I currently have my sessions set to time out after 15 minutes of inactivity.
I also have a piece of code that checks info (md5 of browser and a security code) stored in the session, a cookie and in the database.
Anything else I can do to guard against session hijacking?
Thanks again!
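The following is an added example, not code posted by anyone in the thread: a language-neutral sketch of the checks discussed above (session populated at login, 15-minute inactivity timeout, and a browser/security-code fingerprint compared against the session and the database). The function names, the dict-based session and database row, and the use of HMAC-SHA256 in place of the md5 mentioned in the post are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

IDLE_LIMIT = 15 * 60  # seconds of inactivity allowed (the 15 minutes from the thread)


def fingerprint(user_agent: str, security_code: str) -> str:
    # HMAC-SHA256 keyed with the per-login security code (swapped in for md5).
    return hmac.new(security_code.encode(), user_agent.encode(),
                    hashlib.sha256).hexdigest()


def login(session: dict, db_row: dict, user_agent: str, now: float) -> str:
    """Fill the session once at login; returns the code to send as a cookie."""
    code = secrets.token_hex(16)   # fresh random security code per login
    session.clear()                # drop pre-login state; a real application
                                   # would also issue a new session id here
    session.update(
        user_id=db_row["user_id"],             # small, user-specific data that
        display_name=db_row["display_name"],   # is needed across the site
        fp=fingerprint(user_agent, code),
        last_seen=now,
    )
    db_row["fp"] = session["fp"]   # second copy, stored server-side in the db
    return code


def check_request(session: dict, db_row: dict, cookie_code: str,
                  user_agent: str, now: float) -> str:
    """Return 'ok', 'expired' or 'mismatch'; the session is wiped on failure."""
    if not session or "fp" not in session:
        return "mismatch"
    if now - session["last_seen"] > IDLE_LIMIT:
        session.clear()
        return "expired"
    seen = fingerprint(user_agent, cookie_code or "")
    # Constant-time comparison against both stored copies.
    same = (hmac.compare_digest(seen, session["fp"])
            and hmac.compare_digest(seen, db_row.get("fp", "")))
    if not same:
        session.clear()
        return "mismatch"
    session["last_seen"] = now     # sliding window: activity resets the timer
    return "ok"
```

The user agent string is visible to anyone who can observe the traffic, so in this sketch the random security code in the cookie is the part that carries the secrecy; the browser value only catches a cookie replayed from a different client.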