Caching variables in the $_SESSION variable?

Question

I\'m making a php web application which stores user specific information that is not shared with other users.

Would it be a good idea to store some of this information i

Answer 1

This would be an appropriate use of the session mechanism as long as you keep this in mind:

• Session does not persist for an indefinite amount of time.
• When pulling from session, ensure you actually got a result (ASP.NET will return NULL if the Session has expired/cleared)
• Server restarts may wipe the session cache.
• Do this for convenience, not performance. For high-performance caching, choose an appropriate mechanism (i.e. memcached)

A good usage pattern would be like this (ether cookies or session):

• User logs in
• Store preferences (background color, last 10 records looked at, categories) in session/cookie.
• On rendering of a page, refer to the Session/Cookie values (ensuring they are valid values and not null).

Things not to do in a cookie

• Don't store anything sensitive (use session).
• A cookie value should not grant/deny you access to anything (use session).
• Trap errors, assume flags and strings may not be what you expect, may be missing, may be changed in transit.

I'm sure there is other things to consider too, but this is just off the top of my head here.