$_SESSIONS and storage or database

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

$_SESSIONS and storage or database

Post by mikebr »

I have just started trying to get my head around sessions and have a couple of questions, one that I can’t seem to find an answer to in the manual or elsewhere and the second is asking for advice storage or repeat database connections:

1) How much information or number of variables can a session hold?

2) This question relates to using the session to store information or make repeat connections to the database to retreave the information. Say I have a MySQL database of cottages and each cottage holds different items or values like say rooms, beds, baths, garage and discription, when a search is performed various cottage information is loaded into "Web page" tables, each cottage information table has a button to open another page with say images and full information on that cottage, would it better to pass this information from the table page to the image page in the session or is it acceptable to pass “ignoring the security issues” say a password, login and cottage ID between the pages and use that information to propagate the variables on the next page? There are about 10 small variable values and a 250 letter text value.

Thanks
fractalvibes
Forum Contributor
Posts: 335
Joined: Thu Sep 26, 2002 6:14 pm
Location: Waco, Texas

Post by fractalvibes »

Well, I speak from mainly ASP perspective, but I think it would hold true in the PHP world as well.

Pass only what you need to via session variable. i.e. cottage ID and
set a session variable to simply indicate whether they are logged in or not.
Set the logged in var when they actually log in and make no further reference to username/password. For that matter, cottage ID could just be passed as a querystring var. Check you session "logged in" var at the top of the page and redirect elsewhere if it is false(or == "").

Phil J.
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

Post by mikebr »

So I take it that it is the accepted norm to make a connection to the database to retreave the same information about a cottage while moving from page to page rather than passing it on in POST, GET or session variables.

Thanks
fractalvibes
Forum Contributor
Posts: 335
Joined: Thu Sep 26, 2002 6:14 pm
Location: Waco, Texas

Post by fractalvibes »

That is fairly typical. There are some limits to how much can be passed
via querystring, and don't forget that the end-user can easily muck around with those values themselves.

If the cottage page is the action of a form on the search page, then the form variables are available to the next page. If you are simply redirectling, I think that is not the case.

If the search page contains all the same info as the cottage page, then there is no point - I take it that you are just listing a very brief synopsis of each cottage returned in the search, so you are going to have to hit the database anyway to "drill down" to more detail on the cottage page.
So - might as well just store the cottage ID as a session variable...cleaner that way, I think.

Phil J.
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

Post by mikebr »

Great. I think I am clearer on this now.

Thanks for the pointers
Post Reply