Results 1 to 6 of 6
  1. #1
    Join Date
    Apr 2006
    Posts
    157

    Unanswered: What's the downside to multiple values in the session variable

    To everyone,

    Yup I'm planning to perhaps store a 2 column, 20 or so row array in the session variable...

    and I've been looking around for any downside to doing so


    any ideas?
    Only quitters quit!

  2. #2
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    No downside. Make sure your session memory limitation doesn't stop you from doing this. I have worked with VERY large sessions in PHP that store a good amount of data there. However,
    Firstly: justify why you need to store this much data in the session (are these values constantly used throughout the site?)
    Secondly : considering using SERIALIZE() php function to put it altogether into a string format under one session value.
    e.g.
    Code:
    $str = "mystring";
    $int = 1;
    $var = array('1','2','furtherstring');
    $arr = array($str,$int,$var);
    $_SESSION['mysearchstuff'] = serialize($arr);
    There's no real benefit to serializing stuff as far as I know but I use it occasionally.

  3. #3
    Join Date
    Apr 2006
    Posts
    157
    i try to check user authorization on each page... so instead of querying the database on each page load... i just wish to query the whole array of permitted pages upon log on and just check the session variable each time for each page.
    Only quitters quit!

  4. #4
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    So when the user authenticates they have a set of pages loaded into the session that they're "allowed" to utilise. So on each page you're checking the current page name against what's in their session array to see if it's a valid option. Ok that's fine, and sounds like it should work.

    However, how are you storing these "page" values/names and what happens when you add another page to your website? For EVERY user that needs it do you have to update their respective database column entries?
    What does your database DDL look like?

  5. #5
    Join Date
    Apr 2006
    Posts
    157
    i'm actually maintaining groups, right now divided into

    something like admin/ - for higher levels

    encoders - for the users of the full system

    and viewers for those external to the dept.

    so it's similar to ms access authorization on objects...
    however, i'm still considering the addition of a further table that would hold user accounts versus specific pages that the would have specific denial

    that would be similar to windows' approach on folder/file security...

    an advisor of mine insists there's a downside to maintaining multi vars in the session var... and i've yet to see something on this point...
    Only quitters quit!

  6. #6
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    I would be interested to hear his argument for this. Just saying there's a downside doesn't make it so. He needs to back up this comment with a proof of concept or some example of it failing.
    an advisor of mine insists there's a downside to maintaining multi vars in the session var

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •