Sessions Best Practices

+1 Jason Amador · August 6, 2014
Hello, all. I am fairly new to PHP, and am used to data persistence from C++/Java programming.

I'm working on a business management system using CodeIgniter, and I currently want to include the following in the session cookie (CI doesn't use the native PHP sessions):
  -  user_id (db column)
  -  current_company_id
  -  default_company_id (db column)
  -  logged_in (I guess this isn't really necessary, but I'm using it anyway)

I expect to find the need to add more as I progress.  What should I avoid including in the session cookie, if anything?  Are there any best practices that all you brilliant people would suggest?

Thanks for your time, guys.



0 Colin James · August 8, 2014
Look into session hijacking etc.
Just make sure your site isn't at all at risk of XSS, SQLi, Dir traversal etc. etc. etc.

Off topic: I use ajax in all of my websites so I always create a $_SESSION['token'] and send it in the ajax POST request so I can verify where the request came from etc. etc. 
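Putting the two posts together (what to keep in the session, and the per-session token Colin sends with AJAX POSTs), here is an added example in plain PHP. It is not code from either poster and does not use CodeIgniter's session library: it assumes PHP 7.0 or later with native PHP sessions (the `cookie_samesite` option needs PHP 7.3), and the user and company IDs are constructed. The point it illustrates is that the cookie itself should carry nothing but an opaque session ID; `user_id` and `current_company_id` live server-side, and anything else (roles, company details) is re-read from the database on each request so a value the client controls is never authoritative.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7.0 and native PHP
// sessions (cookie_samesite requires PHP >= 7.3); CodeIgniter is not used.
declare(strict_types=1);

// Start a session whose cookie is only an opaque ID. The hardening flags
// limit what an XSS or a plain-HTTP request can do with that cookie.
function startSecureSession(): void
{
    session_start([
        'cookie_httponly' => true,     // JavaScript cannot read the cookie
        'cookie_secure'   => true,     // only sent over HTTPS
        'cookie_samesite' => 'Strict', // PHP 7.3+: not sent on cross-site requests
        'use_strict_mode' => true,     // reject session IDs the server never issued
    ]);
}

// Called once the password check has succeeded. Only identifiers go into
// the session; the session data itself stays on the server.
function loginUser(int $userId, int $defaultCompanyId): void
{
    // A fresh session ID on login blocks session fixation.
    session_regenerate_id(true);
    $_SESSION['user_id']            = $userId;
    $_SESSION['current_company_id'] = $defaultCompanyId;
    $_SESSION['logged_in_at']       = time();
    // Per-session anti-CSRF token for AJAX POSTs (Colin's $_SESSION['token']).
    // 32 random bytes from the CSPRNG, hex-encoded for transport.
    $_SESSION['token'] = bin2hex(random_bytes(32));
}

// Verify the token an AJAX POST sent back. Returns false when the session
// has no token, the field is missing, or the values differ.
function verifyAjaxToken(array $post): bool
{
    $expected = $_SESSION['token'] ?? '';
    $given    = $post['token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    // hash_equals compares in constant time, so response timing does not
    // leak how many leading bytes of the token were correct.
    return hash_equals($expected, $given);
}

// Constructed request flow for illustration.
startSecureSession();
if (!isset($_SESSION['user_id'])) {
    loginUser(42, 7); // constructed IDs, after a successful password check
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verifyAjaxToken($_POST)) {
        http_response_code(403);
        exit('invalid token');
    }
    // ... handle the request on behalf of $_SESSION['user_id'] ...
}
```

The JavaScript side reads the token from a `<meta>` tag or a data attribute that the page template fills from `$_SESSION['token']` and includes it as a `token` field in every AJAX POST; because the token lives in the session and not in the cookie, a cross-site request that carries the cookie automatically still cannot supply it.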


