PHP Session Data

[per1os]

Hi All,

 

This is my first post here so I will try to be as helpful as possible on what I am looking at. Currently I am revamping a website of mine to increase speed, usability and offer more features for the end user. In the past when I coded for a company who required ASP they passed variables via the Session array.

 

Now my site is not "Top" security, if someone's account is breached well I have a problem, but nothing major. I want to keep the session data alive, and I keep the session hash for a user in the database until their cookie expires or they logout at which time it is flushed from the system. In the past I always ran a query to grab the users data from MySQL, but I see that as a waste of "unnecessary" processing time. Thus I decided to look into storing that users data in a class that is housed in the session.

 

The only "problem" I foresee is that if an administrator modify's that person's account for whatever reason I have no real way to check and make sure their session is up-to-date other than creating a new db field "isDirty" which in return would require another DB call to check that single field every time. Now would that 1 field return call each time be better than returning 15 fields each time? Another option would be to place isdirty in the session table on SQL and check against that.

 

I do not know if anyone has a suggestion for me or not, I am kind of just brainstorming and looking at my options as I want it to be done correctly.

 

Here is my background:

I am a 22 year old male PHP coder for 7 years, .NET 2 years, and SQL 8 years. I consider myself advanced in coding PHP and SQL.

 

My Server is running on Linux RedHat 7.3 with PHP 4 installed on Apache 1.3.

 

Any suggestions are welcomed and would love to get some better ideas. Thanks!

 

--FrosT