Welcome Guest, Not a member yet? Register   Sign In
User Authentication and Sessions? + Questions on Postgre vs MySQL
#1

[eluser]Aea[/eluser]
The Next Few Lines Summarized : Is Session Data through the CI Library just store the session ID in the cookie, or everything? If this's the case how can I ensure the data is secure, I don't really wish to use encryption, since that is storing a lot of important data in a location the user can change, I'm not too confident with encryption.


Question #1
While I may be a fairly old, well, six months, user here, I've just recently started working with CI (my previous attempt was sidelined by the need to get a project created, so I stuck with a CMS), and I've run into some conceptual problems.

I'm starting with user authentication since, well, that's basically what I consider to be the starting block of any project. To accomplish this I've loaded the session class and created a database to store "user_id" in addition to the defaults used by sessions.

I have a hook to call a loader class and activate my authentication function...

Code:
function authenticate()
    {
        $session_id = $this->CI->session->userdata('session_id');
        $user = $this->CI->mxket->get_user_id($session_id);
        
        $user_id = $user->user_id;
        $_SESSION['user'] = $user_id;
    }

Now what I'm curious is, what instead of $_SESSION['user'] would be a better mechanism for allowing the user id to be tied in with the rest of the system, and, does $_SESSION rely on the current session or must something else be added?

It seems logical to do something like...

Code:
$this->CI->session->set_userdata('user_id', 'user_id');

... But wouldn't this put it into the cookie? This is something I feel is a security risk, even with the prospect of encoding.

Is there a better way to do user authentication? I've seen several people have examples of code where they basically redirect the user to an authorization page if they're not logged in, while I feel this works, I still need to reference the user_id somehow, for further user specific authorization within my script. Also, I can't seem to assign a variable to something stored in the $_SESSION (is this even tied in with the CI session in any way?, if so, how do I use sessions to both write *some* variables to the database, but keep others private to the system and in noway become stored in the cookie? Do I need to write my own or just use the sessions built into PHP? I'm probably just not getting something pretty clear though Smile


Question #2

I will be working on a program which will require me working with some large sets of data, but without any real complex operations, mostly selects and inserts. Am I correct in choosing MySQL as my database to do this with?

Question #3
I have large sets of data which will be universally identical between all iterations of the script. These are separated out as rows in a database, but my question is whether I would be better assigning the entire table (about 1500 rows) into an array and then just using that. Concern is, will it be worth it, and how should I approach in order to have all my clients use the same set of data without redeclaring it for each run. I don't think PHP is capable of doing something like this, so should I just stick with the DB and pulling rows when I need them?


Messages In This Thread
User Authentication and Sessions? + Questions on Postgre vs MySQL - by El Forum - 01-25-2008, 11:49 PM



Theme © iAndrew 2016 - Forum software by © MyBB