Hello, all. I am fairly new to PHP, and am used to data persistence from C++/Java programming.
I'm working on a business management system using CodeIgniter, and I currently want to include the following in the session cookie (CI doesn't use the native PHP sessions):
- user_id (db column)
- default_company_id (db column)
- logged_in (I guess this isn't really necessary, but I'm using it anyways)
I expect to find the need to add more as I progress. What should I avoid including in the session cookie, if anything? Are there any best practices that all you brilliant people would suggest?
Thanks for your time, guys.
Sessions Best Practices
· August 8, 2014
Look into session hijacking etc.
Just make sure your site isn't at all at risk of XSS, SQLi, Dir traversal etc. etc. etc.
Off topic: I use AJAX in all of my websites so I always create a $_SESSION['token'] and send it in the AJAX POST request so I can verify where the request came from etc. etc.
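
The token check described in the reply above, as an added example that is not part of the original thread. It assumes native PHP sessions (the question notes that CodeIgniter uses its own cookie-based session instead), PHP 7.3 or later, and an HTTPS site; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Helper names are hypothetical.

// In a web request, call this before any output. The session cookie then
// carries only the session ID; user_id and similar values stay server-side.
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,   // not readable from JavaScript
            'secure'   => true,   // assumption: site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Create the per-session token once, from a CSPRNG, and reuse it.
function csrf_token(): string
{
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

// Compare the token sent with the AJAX POST against the stored one.
// hash_equals() is a constant-time comparison; a missing token on
// either side is rejected rather than compared.
function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['token'] ?? '';
    if ($submitted === null || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed demo (CLI): simulate an empty session, then three requests.
$_SESSION = [];
$token = csrf_token();
var_dump(csrf_check($token));    // token echoed back by the page's own script
var_dump(csrf_check('forged'));  // value guessed by another origin
var_dump(csrf_check(null));      // POST with no token field at all
```

In a real endpoint the submitted value would come from `$_POST['token']` or a custom request header, and a failed check should end the request before any state changes.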