j.smith1981 Posted September 30, 2010 Share Posted September 30, 2010 I have a question thats been bugging me for a while. I have a system I am supposed to be developing, where a customer (actually a franchisee), goes into input all their sales for a certain period, a month in this case. So all their sales get recorded on a monthly basis, this could be quite confidential information so SSL is obviously adventagious (excuse spelling), but in the actual architecture of this system, would it be advisable to go for file system based sessions or mysql based sessions? I mean we do have our own server which I am planning on using this on, but because this is confidential information, say if a Franchisee was to deliberately hack the system I have developed or in essence, hack into the server and login and make it look asif a competitor has done worse than them. Which one is best file or mysql? Just for thoughts really, also if mysql is the best for this purpose, has anyone got any good tutorials or found any I could use? Would be quite interesting though. Thanks in advance for any replies, Jez. Quote Link to comment Share on other sites More sharing options...
ngreenwood6 Posted October 2, 2010 Share Posted October 2, 2010 Would you please clarify what you are referring to when you are saying mysql sessions and file system sessions. Do you mean storing the info in a database or in files? Or are you talking about storing the logged in users data while they are on the page? Quote Link to comment Share on other sites More sharing options...
trq Posted October 2, 2010 Share Posted October 2, 2010 I think the question is pretty clear considering session can be stored on either the file system or within a database. Where it gets unclear is I think the OP is relating the question to security in particular. If someone has broken into your server, I really don't think session data stored within a database is going to be any more secure than what is stored on the file system. Generally, you would use database session data storage only when you are looking for simple methods of tracking users around your site. eg; Who's currently logged in, what page are they on etc etc. For normal session usage, the file system is fine. Quote Link to comment Share on other sites More sharing options...
eran Posted October 7, 2010 Share Posted October 7, 2010 Sessions in the database or in the filesystem is not much a question of security as thorpe says, but more a question of scalability. For most sites having the sessions in the filesystem is the easiest and best option, however when you grow beyond a single server, sharing filesystem sessions between servers becomes very problematic. In this case sessions are usually moved to a database to which all servers have access to Quote Link to comment Share on other sites More sharing options...
j.smith1981 Posted October 11, 2010 Author Share Posted October 11, 2010 I am so sorry I havent replied to this. Ahh good thoughts on this though, I mean what I was under the impression of, was take a hosted web page with a hosting company for example. If someone was to hack into their file system (by what ever means of course), then if the sessions where filesystem based, they could possibly get in through that way. Having a session stored in a database, where they would be using different usernames and/or passwords than the account they got in through, would stop them looking at that, suppose though that doesnt really matter though as the company would need to firm up its security. Good thoughts though, Really helps allot thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.