StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POIdentifying alternative to session for keeping user logged in
primarykey
Id
10899952
data
AcceptedAnswerId
10900071
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-06-05T15:11:52.267
FavoriteCount
1
LastActivityDate
2017-09-18T16:08:20.883
LastEditDate
2017-09-18T16:07:28.093
LastEditorUserId
1549818
OwnerUserId
1263145
ParentId
0
PostTypeId
1
Score
0
ViewCount
672
LastEditorDisplayName
text
Body
I'm doing a practice project in PHP (making a forum), and trying do decide on a mechanism to keep a user logged in. I've created a user class, through which a user is authenticated (on sign in) and all future user account related operations will be through that class (i.e user related info retrieval, when a user makes a post/comment, etc). To keep a user logged in, the easiest path seemed to be to use sessions and store the user object in a session (not cookies since that would be a security risk), but after doing some research I found out that sessions can put a huge load on a system, specially if large amounts of data is saved in them. After trying to figure out a solution for this I came up with two alternatives: <ol> <li>Put only the user ID in the session, and through the user ID remake the user object each time. However again this would seem to be a bad implementation since the database will have to be re-queried each time.</li> <li>Save the user ID in the session (once the user has successfully logged in ofcourse), and save the whole object in a cookie, and each time before using the cookie, authenticate the cookie by matching the user ID in session with the user ID in cookie. I'm not quite sure how cookies work, but since some critical user info may be stored in the user object (hence the cookie), is there some kind of security risk here? Can cookies be stolen?</li> </ol> Is there another alternative which is better? Whether it be a different way to use sessions or cookies, or to use some method completely different from session and cookies?
Tags
<php><session-cookies>
Title
Identifying alternative to session for keeping user logged in
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USgrg
UserOwnerUserId
1. USAhmed-Anas
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POIdentifying alternative to session for keeping user logged in
 UserUserId
 USPeterG
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.