CodeIgniter Forums
User Authentication and Sessions? + Questions on Postgre vs MySQL - Printable Version




User Authentication and Sessions? + Questions on Postgre vs MySQL - El Forum - 01-25-2008

[eluser]Aea[/eluser]
The Next Few Lines Summarized: Does Session Data through the CI Library just store the session ID in the cookie, or everything? If this is the case, how can I ensure the data is secure? I don't really wish to use encryption, since that is storing a lot of important data in a location the user can change, and I'm not too confident with encryption.


Question #1
While I may be a fairly old, well, six months, user here, I've just recently started working with CI (my previous attempt was sidelined by the need to get a project created, so I stuck with a CMS), and I've run into some conceptual problems.

I'm starting with user authentication since, well, that's basically what I consider to be the starting block of any project. To accomplish this I've loaded the session class and created a database to store "user_id" in addition to the defaults used by sessions.

I have a hook to call a loader class and activate my authentication function...

Code:
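function authenticate()
{
    // Look up the user that owns the current CI session ID.
    $session_id = $this->CI->session->userdata('session_id');
    $user = $this->CI->mxket->get_user_id($session_id);

    // No matching row means an anonymous visitor; avoid dereferencing null.
    $user_id = $user ? $user->user_id : null;
    $_SESSION['user'] = $user_id;
}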

Now what I'm curious about is: what, instead of $_SESSION['user'], would be a better mechanism for allowing the user id to be tied in with the rest of the system? And does $_SESSION rely on the current session, or must something else be added?

It seems logical to do something like...

Code:
$this->CI->session->set_userdata('user_id', $user_id);

... But wouldn't this put it into the cookie? This is something I feel is a security risk, even with the prospect of encoding.

Is there a better way to do user authentication? I've seen several people have examples of code where they basically redirect the user to an authorization page if they're not logged in. While I feel this works, I still need to reference the user_id somehow, for further user-specific authorization within my script. Also, I can't seem to assign a variable to something stored in the $_SESSION (is this even tied in with the CI session in any way?). If so, how do I use sessions to both write *some* variables to the database, but keep others private to the system so that they in no way become stored in the cookie? Do I need to write my own or just use the sessions built into PHP? I'm probably just not getting something pretty clear though.


Question #2

I will be working on a program which will require me working with some large sets of data, but without any real complex operations, mostly selects and inserts. Am I correct in choosing MySQL as my database to do this with?

Question #3
I have large sets of data which will be universally identical between all iterations of the script. These are separated out as rows in a database, but my question is whether I would be better assigning the entire table (about 1500 rows) into an array and then just using that. Concern is, will it be worth it, and how should I approach in order to have all my clients use the same set of data without redeclaring it for each run. I don't think PHP is capable of doing something like this, so should I just stick with the DB and pulling rows when I need them?


User Authentication and Sessions? + Questions on Postgre vs MySQL - El Forum - 01-26-2008

[eluser]Rick Jolly[/eluser]
Question #1:
CI doesn't use native PHP sessions, so if you want to use $_SESSION, then don't use CI's session class. Yes, CI's sessions currently store session data in the cookie, so if you don't want to use encryption, then you should consider native sessions or one of the session libraries in the wiki capable of storing session data in the database.

Question #2:
Is there any reason not to choose MySQL? No.

Question #3:
Databases are for storing data, so I'd just leave it at that. I'm not sure if I understood your question, but php doesn't have application state, so it can't store your data in memory between web requests. You'd have to retrieve the data from database or file on each request.


User Authentication and Sessions? + Questions on Postgre vs MySQL - El Forum - 01-26-2008

[eluser]Aea[/eluser]
Thank you Rick Jolly, that is what I expected. Is there any consensus on which is better? OB Session seems to be the premier choice since just the session_id is stored in the cookie and everything else in the database. I need to do some research, since $_SESSION is something that I absolutely must be able to use both for this project and further ones.

As for Question 3, I have a large amount of static data which I need to be referenced on a lot of pages and scripts, so instead of pulling it from the database I wondered if it would be more efficient to store it all in one array, but somehow have that array be shared across all users (instead of being redeclared, and such) it seems like quite the awkward question since I can't really verbalize the idea well.


User Authentication and Sessions? + Questions on Postgre vs MySQL - El Forum - 01-26-2008

[eluser]Rick Jolly[/eluser]
Well OBSession doesn't use php native sessions, so you won't be able to use $_SESSION with it. By default, native sessions store session data in a file and just the session id in a cookie. If you'd rather store session data in the database, you can still use native sessions by using the session_set_save_handler() function and implementing methods to read, write, etc. to interact with the database. There are classes out there that combine php native sessions with database storage, but none developed by CI users that I know of.

As for question #3, you might want to cache the data. You can cache the database results: http://ellislab.com/codeigniter/user-guide/database/caching.html. Alternatively, CI allows you to cache an entire page. There are other methods for caching page fragments.