MySQL Sessions or Filesystem Sessions

[j.smith1981]

I have a question thats been bugging me for a while.

 

I have a system I am supposed to be developing, where a customer (actually a franchisee), goes into input all their sales for a certain period, a month in this case.

 

So all their sales get recorded on a monthly basis, this could be quite confidential information so SSL is obviously adventagious (excuse spelling), but in the actual architecture of this system, would it be advisable to go for file system based sessions or mysql based sessions?

 

I mean we do have our own server which I am planning on using this on, but because this is confidential information, say if a Franchisee was to deliberately hack the system I have developed or in essence, hack into the server and login and make it look asif a competitor has done worse than them.

 

Which one is best file or mysql?

 

Just for thoughts really, also if mysql is the best for this purpose, has anyone got any good tutorials or found any I could use?

 

Would be quite interesting though.

 

Thanks in advance for any replies,

Jez.

[ngreenwood6]

Would you please clarify what you are referring to when you are saying mysql sessions and file system sessions. Do you mean storing the info in a database or in files? Or are you talking about storing the logged in users data while they are on the page?

[trq]

I think the question is pretty clear considering session can be stored on either the file system or within a database.

 

Where it gets unclear is I think the OP is relating the question to security in particular. If someone has broken into your server, I really don't think session data stored within a database is going to be any more secure than what is stored on the file system.

 

Generally, you would use database session data storage only when you are looking for simple methods of tracking users around your site. eg; Who's currently logged in, what page are they on etc etc. For normal session usage, the file system is fine.

[eran]

Sessions in the database or in the filesystem is not much a question of security as thorpe says, but more a question of scalability. For most sites having the sessions in the filesystem is the easiest and best option, however when you grow beyond a single server, sharing filesystem sessions between servers becomes very problematic. In this case sessions are usually moved to a database to which all servers have access to

[j.smith1981]

I am so sorry I havent replied to this.

 

Ahh good thoughts on this though, I mean what I was under the impression of, was take a hosted web page with a hosting company for example.

 

If someone was to hack into their file system (by what ever means of course), then if the sessions where filesystem based, they could possibly get in through that way.

 

Having a session stored in a database, where they would be using different usernames and/or passwords than the account they got in through, would stop them looking at that, suppose though that doesnt really matter though as the company would need to firm up its security.

 

Good thoughts though,

 

Really helps allot thanks!