$_SESSIONS and storage or database

Posted: Tue Feb 18, 2003 3:48 pm
by mikebr
I have just started trying to get my head around sessions and have a couple of questions, one that I can’t seem to find an answer to in the manual or elsewhere and the second is asking for advice on storage or repeat database connections:

1) How much information or number of variables can a session hold?

2) This question relates to using the session to store information or make repeat connections to the database to retrieve the information. Say I have a MySQL database of cottages and each cottage holds different items or values like say rooms, beds, baths, garage and description, when a search is performed various cottage information is loaded into "Web page" tables, each cottage information table has a button to open another page with say images and full information on that cottage, would it be better to pass this information from the table page to the image page in the session or is it acceptable to pass “ignoring the security issues” say a password, login and cottage ID between the pages and use that information to propagate the variables on the next page? There are about 10 small variable values and a 250 letter text value.

Thanks

Posted: Fri Feb 21, 2003 9:31 pm
by fractalvibes
Well, I speak from mainly ASP perspective, but I think it would hold true in the PHP world as well.

Pass only what you need to via session variable, i.e. cottage ID, and set a session variable to simply indicate whether they are logged in or not. Set the logged in var when they actually log in and make no further reference to username/password. For that matter, cottage ID could just be passed as a querystring var. Check your session "logged in" var at the top of the page and redirect elsewhere if it is false (or == "").

Phil J.

Posted: Sat Feb 22, 2003 2:37 am
by mikebr
So I take it that it is the accepted norm to make a connection to the database to retrieve the same information about a cottage while moving from page to page rather than passing it on in POST, GET or session variables.

Thanks

Posted: Sat Feb 22, 2003 8:47 pm
by fractalvibes
That is fairly typical. There are some limits to how much can be passed via querystring, and don't forget that the end-user can easily muck around with those values themselves.

If the cottage page is the action of a form on the search page, then the form variables are available to the next page. If you are simply redirecting, I think that is not the case.

If the search page contains all the same info as the cottage page, then there is no point - I take it that you are just listing a very brief synopsis of each cottage returned in the search, so you are going to have to hit the database anyway to "drill down" to more detail on the cottage page.
So - might as well just store the cottage ID as a session variable...cleaner that way, I think.

Phil J.
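The pattern discussed in this thread, as an added PHP example that is not part of any post: the session carries only a login flag, the cottage ID from the querystring is validated because the user can edit it, and the details are re-read from the database on the detail page. The `logged_in` key, the `/login.php` path, the `cottages` table layout and the use of in-memory SQLite in place of MySQL are all assumptions made for the illustration.

```php
<?php
// Added example. Assumptions: the 'logged_in' session key, the cottages
// table layout, and in-memory SQLite standing in for MySQL.

function cottage_for_request(PDO $db, array $session, array $query): array
{
    // The session holds only a login flag; credentials are never re-sent.
    if (empty($session['logged_in'])) {
        return ['status' => 302, 'location' => '/login.php'];
    }

    // The querystring is user-editable: accept a positive integer only.
    $id = filter_var($query['cottage_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 400];
    }

    // Re-read the details from the database on every page view.
    $stmt = $db->prepare(
        'SELECT id, rooms, beds, baths, description FROM cottages WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row ? ['status' => 200, 'cottage' => $row] : ['status' => 404];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cottages (id INTEGER PRIMARY KEY, rooms INTEGER,
           beds INTEGER, baths INTEGER, description TEXT)');
$db->exec("INSERT INTO cottages VALUES (7, 3, 4, 1, 'Stone cottage, garage')");

// Constructed requests: [session contents, querystring values].
$cases = [
    'not logged in' => [[], ['cottage_id' => '7']],
    'valid id'      => [['logged_in' => true], ['cottage_id' => '7']],
    'edited id'     => [['logged_in' => true], ['cottage_id' => '7abc']],
    'unknown id'    => [['logged_in' => true], ['cottage_id' => '99']],
];
foreach ($cases as $label => [$session, $query]) {
    echo $label, ': ', json_encode(cottage_for_request($db, $session, $query)), "\n";
}
```

On a real page the two arrays would be `$_SESSION` (after `session_start()`) and `$_GET`, and the 302 result would become a `header('Location: ...')` call followed by `exit`.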

Posted: Sun Feb 23, 2003 7:27 am
by mikebr
Great. I think I am clearer on this now.

Thanks for the pointers