Page 1 of 1

sessions

Posted: Wed Nov 01, 2006 9:44 pm
by murlopaz
hi everybody,
I have a member area on my website.
The user is supposed to register before accessing the member's area.

When the user registers he is brought to another page where he can pay for 1/3/6/12 months or get one trial day.

My question is: do I create a session when the user registers? The reason being is that I don't want user to access the payment page directly

I have a session when a user logs in ofcourse...

What do you guys think?

Posted: Thu Nov 02, 2006 6:58 am
by feyd
yes.

Posted: Sun Nov 05, 2006 1:54 pm
by nameless1
store your data in the database and not the session. the only login information you should store in the session is user_id and any other generic user data such as user_name. You should not create a session that is meant to last for a long period of time it is bad for security and data integrity.