gibbo1715 Posted May 2, 2010

Hi All

I am playing around with various ways of managing access to the pages on my site and one thought came to mind.

What is the best way to manage the security? Should I call the information from a database each time or use cookies? Is there an agreed best way to do this? I'm not used to PHP yet, but somehow calling a database seems more secure (until someone tells me different).

I'm also after a really good free user/usergroup management system I can learn from, so if anyone can suggest anything it would be appreciated. I'm not after a full CMS, just a security management system I can learn from.

Many Thanks

gibbo

litebearer Posted May 2, 2010

Yes, use a database to store the info (username, password, etc.).

Look into SESSIONS: at the top of each secure page, start sessions, then check to see if a SESSION variable for the user has been set (set the session user variable during your SUCCESSFUL login processing script).

gibbo1715 Posted May 2, 2010

Thanks for the reply. So instead of calling the database each time I load a page and checking the access level of the user, it is better to call that information once, store the information in a session and then check the session on each page (if I'm reading your reply right). That makes sense.

Many Thanks

Gibbo

roopurt18 Posted May 2, 2010

I typically only store the user's UserID in the session. If UserID is not in the session, then the user is not logged in. If UserID is stored in the session, then it is the primary key of the user's data in the database and I can pull it in with a query on each page load.

I would not concern myself with the overhead of running a similar query on each page load. The database has a query cache in memory that it will return results from if the query is frequently run.

Consider that sessions are [by default] stored as files on the server. Anything you store in the session is therefore stored in a file. If you're on a shared hosting account then you don't know who or what has access to these files. You also don't know when a backup might kick off and anything in those files might even be backed up and sent to who knows where.

Just be careful about what you store in sessions.
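
The approach roopurt18 describes above, as an added example that is not part of the original thread: only the user's primary key goes into the session, and the access level is re-read from the database on each page load. The `users` table, its columns and the function names are assumptions for illustration; the script uses PDO with an in-memory SQLite database and constructed data.

```php
<?php
declare(strict_types=1);
// Assumed (hypothetical) schema: users(id, username, password_hash, access_level, active).
function login(PDO $db, string $username, string $password): bool
{
    $q = $db->prepare('SELECT id, password_hash FROM users WHERE username = ? AND active = 1');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);                   // fresh session id after a successful login
    $_SESSION = ['user_id' => (int) $row['id']];   // the primary key is the only thing stored
    return true;
}

// Called at the top of every secure page: re-reads the user row on each request.
function current_user(PDO $db): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null;                               // no UserID in the session: not logged in
    }
    $q = $db->prepare('SELECT id, username, access_level FROM users WHERE id = ? AND active = 1');
    $q->execute([$_SESSION['user_id']]);
    $user = $q->fetch(PDO::FETCH_ASSOC);
    if (!$user) {                                  // account removed or disabled since login
        $_SESSION = [];
        return null;
    }
    return $user;
}

function can_access(?array $user, int $minLevel): bool
{
    return $user !== null && (int) $user['access_level'] >= $minLevel;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
session_start();
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, access_level INTEGER, active INTEGER)');
$db->prepare('INSERT INTO users VALUES (1, ?, ?, 5, 1)')
   ->execute(['demo_user', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
login($db, 'demo_user', 'constructed-demo-password');
var_dump(can_access(current_user($db), 5));        // level-5 page, user currently at level 5
$db->exec('UPDATE users SET access_level = 1 WHERE id = 1');
var_dump(can_access(current_user($db), 5));        // same session, after a demotion in the database
$db->exec('UPDATE users SET active = 0 WHERE id = 1');
var_dump(current_user($db));                       // same session, after the account is disabled
```

Because the access level is never copied into the session, a change made in the database applies on the user's next request without touching the session file.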

gibbo1715 Posted May 2, 2010

Great, thanks for the reply. That answers my question and is sort of what I expected, if I've got it right, i.e. store the primary key of the user in the session and then query the database for the rest when a new page is called to ensure security is maintained. That's more in line with what I'm used to.

Thanks again

Gibbo