1

I have user information which I need to use in different places on the web application, stuff such as email, name, user settings, and so on and so forth.

The question I want to ask, is it wise to do so, or is it a huge waste of memory? and if it's not wise to do so, are there other things which I can do which could solve my problem?

Thank you.

Improve this question

3 Answers 3

Reset to default
3

Store anything you need there, as long as you remember that it is kept on the server and will be retrieved for each page load in the session.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

... and you need to refresh the session data should the user change any of their settings in the database.
yes, i know that's the case, is it a good practise or is it better to send new queries each time?
Make a simple solution first, and if you get performance problems, measure, change, measure again...
0

It's usually considered bad practice to store too much in the session as the house-keeping that the server has to perform starts to add up when you've got many users. You only really need to store a user id in the session then you can pull everything else out of a database.

Improve this answer

1 Comment

but if i store only the uid in there, that means that for every new page i have to send a db query, and if that's the case i waste alot of cpu resources, isn't that the case?
-1

Why not using Cookies??

Improve this answer

4 Comments

Cookies are usually not a good alternative, because they get transferred to the client in every request. That creates traffic overhead, and security concerns.
Cookies could be used, but if so the developer needs to be especially careful of what data they store in them. Any inconsequential data, not crucial to the proper function of the application, would be ok. However, storing something such as an "is_admin" flag in them, extremely bad idea.
hehe change it to true -- yay im an admin :-D
A cookie can be manipulated by the end-user so shouldn't be used to store anything privileged, which reduces their use to nothing more than a client-side storage for a session key, in most cases. Even then the session key should be validated against some other user data, such as IP address.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.