
I have a pretty big PHP class instance with quite a lot of methods and potentially including semi-sensitive data that I would need to be able to access through AJAX. I've read about and successfully tested $_SESSION to transfer the class and object, but there seem to be some security concerns. E.g., see "How safe are PHP session variables?" and "PHP Session Hijacking".

Previously I 'solved' this by simply require'ing the class and re-instantiating the object on every AJAX call, or making those methods I needed static (after checking for a token and a constant), but I feel like this should be quite performance-heavy (how long does it take for PHP to initialize an object which reads in 200+ JSON/XML files?).

Another option I see is serializing the data in a temp file, but really I have no idea nor experience of what is the best way to go from a performance vs security point of view... Any help will be appreciated, thanks.

webketje