Creating custom PHP Session handler?
<p>Right now I'm stuck between using PHP's native session management, or creating my own (MySQL-based) session system, and I have a few questions regarding both.</p>
<ol>
<li><p>Other than session fixation and session hijacking, what other concerns are there with using PHP's native session handling code? Both of these have easy fixes, yet I keep seeing people writing their own systems to handle sessions, so I'm wondering why.</p></li>
<li><p>Would a MySQL-based session handler be faster than PHP's native sessions? Assuming a standard (not 'memory') table.</p></li>
<li><p>Are there any major downsides to using <code>session_set_save_handler</code>? I can make it fit my standards for the most part (other than naming). Plus I personally like the idea of using <code>$_SESSION['blah'] = 'blah'</code> vs <code>$session-&gt;assign('blah', 'blah')</code>, or something to that extent.</p></li>
<li><p>Are there any good PHP session resources out there that I should take a look at? The last time I worked with sessions was 10 years ago, so my knowledge is a little stagnant. Google and Stack Overflow searches yield a lot of basic, obviously poorly written tutorials and examples (Store username + md5(password) in a cookie then create a session!), so I'm hoping someone here has some legitimate, higher-brow resources.</p></li>
<li><p>Regardless of my choice, I will be forcing a cookie-only approach. Is this wrong in any way? The sites that this code will power have average users, in an average security environment. I remember this being a huge problem the last time I used sessions, but the idea of using in-URL sessions makes me extremely nervous.</p></li>
</ol>
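An added example, not part of the original question, of the setup that items 3 and 5 describe: a database-backed handler registered through session_set_save_handler with cookie-only, strict-mode sessions, so $_SESSION is used as normal. It assumes PHP 8; the class name, the sessions table and its columns are hypothetical, and in-memory SQLite stands in for the MySQL connection so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: class, table and column names are assumptions.
final class PdoSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private PDO $db) {}

    private function run(string $sql, array $args): PDOStatement {
        $q = $this->db->prepare($sql);   // prepared statement: the id comes from the client
        $q->execute($args);
        return $q;
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false {
        $data = $this->run('SELECT data FROM sessions WHERE id = ?', [$id])->fetchColumn();
        return $data === false ? '' : (string) $data;   // '' = no stored session
    }
    public function write(string $id, string $data): bool {
        // REPLACE INTO is accepted by both MySQL and SQLite
        $this->run('REPLACE INTO sessions (id, data, updated_at) VALUES (?, ?, ?)', [$id, $data, time()]);
        return true;
    }
    public function destroy(string $id): bool {
        $this->run('DELETE FROM sessions WHERE id = ?', [$id]);
        return true;
    }
    public function gc(int $max_lifetime): int|false {
        return $this->run('DELETE FROM sessions WHERE updated_at < ?', [time() - $max_lifetime])->rowCount();
    }
    // Strict mode asks this before accepting a client-supplied id.
    public function validateId(string $id): bool {
        return (bool) $this->run('SELECT 1 FROM sessions WHERE id = ?', [$id])->fetchColumn();
    }
    // Called instead of write() when the session data did not change.
    public function updateTimestamp(string $id, string $data): bool {
        $this->run('UPDATE sessions SET updated_at = ? WHERE id = ?', [time(), $id]);
        return true;
    }
}

// SQLite in memory stands in for the MySQL connection so the script runs as-is.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE sessions (id VARCHAR(128) PRIMARY KEY, data TEXT, updated_at INTEGER)');
session_set_save_handler(new PdoSessionHandler($db), true);
session_start(['use_only_cookies' => 1, 'use_trans_sid' => 0, 'use_strict_mode' => 1,
               'cookie_httponly' => 1, 'cookie_secure' => 1, 'cookie_samesite' => 'Lax']);
session_regenerate_id(true);   // issue a fresh id at login so a fixated id is useless
$_SESSION['blah'] = 'blah';    // the native array API keeps working
```

This handler takes no lock, so two concurrent requests on one session can overwrite each other's data, which PHP's native file handler prevents by locking the session file.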
 
