Using the jQuery load function, I made it to where only the body of the website loads/changes. My header stays the same. Rather than accessing your database, say, 50 times and requesting the same information on different pages, could I just risk a longer original loading time and include a PHP file that has everything I need stored in session variables for a user's account? Are there any big security concerns for this or just any reason I am not seeing why this would be a bad idea? I am finding myself accessing the same variables over and over again (like a unique id) on various PHP pages.
- And your concrete programming question is? – hakre Jul 28 '16 at 18:41
- in the title, basically – Next Ninja Jul 28 '16 at 18:43
- What is bad and what not highly depends on context and is subjective to answer. From the style you ask alone one might tend to say, yes it's bad, but I think this would be a bit unfair because I think you have a much more concrete question in the end. If you reword your question and perhaps limit/narrow it to more concrete (technical) details this should be much better to answer. – hakre Jul 28 '16 at 18:45
- It's okay (not really good) as long as you don't need to scale your application over multiple nodes. Otherwise you have to store the session in a centralized storage like memcache, redis or a database. But in general, you should avoid storing much data in the session. The session should only be used to identify the current user. Other data should be stored in other storages. – u-nik Jul 28 '16 at 21:20
2 Answers
Sounds OK to me.
Consider whether you need to synchronize and update the domain model (user account data) during access and want to resync it to your client (view). What you describe, however, is common session behavior.
It sounds like you are doing it very low level, so you can go for this without using a repository layer or DAO or the like. Just read the data you need, be aware of concurrent access and OK. For read only it is a perfectly fine way of caching it.
It is a good idea IMHO. What else would you do besides a session, preferably via HTTPS?
Consider the security guidelines made here: PHP Session Security
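The pattern discussed in this thread, as an added example that is not code from any of the posters: the session identifies the user and holds a small read-only copy of account fields that is re-read after a time limit. The function names, field names, the 300-second limit and the stand-in loader are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: function names, field names and the TTL are assumptions.
const ACCOUNT_TTL = 300; // seconds before the cached copy is re-read

function start_secure_session(): void
{
    // Cookie is sent over HTTPS only and is not readable from JavaScript.
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

// Copy only whitelisted, non-secret fields into the session.
function refresh_account(callable $loadAccount): void
{
    $row = $loadAccount($_SESSION['user_id']);
    $_SESSION['account'] = [
        'display_name' => $row['display_name'],
        'role'         => $row['role'],
    ];
    $_SESSION['account_loaded_at'] = time();
}

// Call once after a successful login.
function on_login(int $userId, callable $loadAccount): void
{
    session_regenerate_id(true); // discard the pre-login session id
    $_SESSION['user_id'] = $userId;
    refresh_account($loadAccount);
}

// Read access for the page fragments fetched with jQuery .load().
function account(callable $loadAccount): array
{
    if (!isset($_SESSION['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    if (time() - ($_SESSION['account_loaded_at'] ?? 0) > ACCOUNT_TTL) {
        refresh_account($loadAccount); // pick up changes made since the last read
    }
    return $_SESSION['account'];
}

// Constructed stand-in for the real database query; the hash field is never cached.
$loader = fn(int $id): array =>
    ['display_name' => 'alice', 'role' => 'user', 'password_hash' => 'constructed-placeholder'];
start_secure_session();
on_login(42, $loader);
var_dump(account($loader));
```

Authorization decisions that must reflect a just-changed role should call `refresh_account()` directly instead of waiting for the time limit.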