php - Identifying an alternative to session for keeping user logged in?
Hey guys, hoping you can help me out.
I'm doing a practice project in PHP (making a forum), and I'm trying to decide on a mechanism to keep the user logged in. I've created a user class, through which the user is authenticated (on sign-in), and future user-account-related operations go through this class (i.e. user-related info retrieval, when the user makes a post/comment, etc.).
To keep the user logged in, the easiest path seemed to be to use sessions and store the user object in the session (not cookies, since that is a security risk), but after doing some research I found out that sessions can put a huge load on the system, especially if large amounts of data are saved in them.
After trying to figure out a solution, I came up with 2 alternatives:
1: Put the user id in the session, and through the user id remake the user object each time. But again, this seems like a bad implementation, since the database would have to be re-queried each time.
2: Save the user id in the session (once the user has logged in, of course), and save the whole object in a cookie, and each time before using the cookie, authenticate the cookie by matching the user id in the session with the user id in the cookie. I'm not quite sure how cookies work, but since critical user info may be stored in the user object (and hence the cookie), is there any kind of security risk here? Can cookies be stolen?
Or is there an alternative that is better? Whether a different way to use sessions or cookies, or a method different from sessions and cookies?
I would go for:
1: Put the user id in the session, and through the user id remake the user object each time. But again, this seems like a bad implementation, since the database would have to be re-queried each time. And turn on the MySQL query cache to make frequent queries faster. I don't recommend $_SESSION if the data is huge (but how big is the data actually?)
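The option the answer picks (only the user id in the session, the user record re-read from the database on each request), sketched as an added example that is not part of the original question or answer. The function names `login` and `currentUser`, the table layout and the in-memory SQLite database are assumptions made for illustration; it needs PHP 7.3+ with `pdo_sqlite`.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite table stands in for the forum's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The cookie carries only the random session id; keep it away from scripts and plain HTTP.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session id after authentication
    $_SESSION['user_id'] = (int) $row['id']; // the only user data kept in the session
    return true;
}

// Rebuild the user from the database, never from data the client sent.
function currentUser(PDO $db): ?array
{
    static $cached = null;                   // one query per request, however often this is called
    if ($cached !== null) { return $cached; }
    if (!isset($_SESSION['user_id'])) { return null; }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {                    // account no longer exists: drop the stale login
        unset($_SESSION['user_id']);
        return null;
    }
    return $cached = $row;
}

// Results are collected first so nothing is printed before the session id is regenerated.
$results = [login($db, 'alice', 'wrong'), login($db, 'alice', 'correct horse'), currentUser($db)];
var_dump($results);
```

Because the browser only ever holds the session id, a stolen or edited cookie cannot change which fields the user record contains, and the primary-key lookup is the per-request cost the question was worried about.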