Jump to content

when to set $_SESSION variables?

frijole

By frijole
in PHP Coding Help

 Share

Recommended Posts

jbrill Regular Member

jbrill

Posted
Posted

once the form for the login is processed, checked against db records to make sure the login info ect. matches do the following:

 

//if the login is successful create variable 
$logged = 1;

if($logged==1)
  {
   $_SESSION['userid'] = $uid;
   $_SESSION['username'] = $uname;
  }
  else {
          echo 'could not login';
          }

i usually include session_start() in my header at the top, so it appears on every page

 

i never tested this code out, but its just a very basic example

 

 

jbrill Regular Member

jbrill

Posted
Posted

Do not store their password in the session.  The only item you need in the session to keep track of which user it is and if they're logged in is the user_id.

 

yea, i normally have 2 sessions running:

$_SESSION['userid'] this is so i can easily pull suer information

$_SESSION['logged']==1 if logged is equal to "1" then the users is allowed access

phpSensei Advanced Member

phpSensei

Posted
Posted

People use ID and Logged for different things actually...

 

Just setting a normal session after the user logs in is enough, but

 

If you don't want to access your DB ALL the time, to get the user id, or username, or a certan field, you put them in the session instead when the log in. True you don't need $_SESSION['is_logged'], but you can use it for the sake of clarification, and organizing your data through out your pages.

phpSensei Advanced Member

phpSensei

Posted
Posted

You know, just do, and you dont need to pull it out of the db for the user id, and username. You can put more of the info in the sessions, but that can cause security problems if you dont handle them well.

 

$_SESSION['logged_in'] = true;
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $userid;

 

I am using those vars so you dont need to pull them out of the DB all of the time, saves you alot of time. ALOT!

roopurt18 Advanced Member

roopurt18

Posted
Posted

You know, just do, and you dont need to pull it out of the db for the user id, and username. You can put more of the info in the sessions, but that can cause security problems if you dont handle them well.

...

I am using those vars so you dont need to pull them out of the DB all of the time, saves you alot of time. ALOT!

This is true, but I recommend against it.  The reason is you now have data duplication.  If you store the user's email in the session and the user updates their profile, you now have to remember to update it in the session or anywhere else you've temporarily stored it.  The more you duplicate data in this manner the more likely you are to forget to update the data and introduce a bug in your program.

 

By storing just the user's id you can query any information for the user either when the page loads or just on pages that use it.  This is the practice I use and I don't find that it creates any performance issues while it does make my code easier to maintain and less cumbersome.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.