[eluser]Aea[/eluser]
The Next Few Lines Summarized : Is Session Data through the CI Library just store the session ID in the cookie, or everything? If this's the case how can I ensure the data is secure, I don't really wish to use encryption, since that is storing a lot of important data in a location the user can change, I'm not too confident with encryption.
Question #1
While I may be a fairly old, well, six months, user here, I've just recently started working with CI (my previous attempt was sidelined by the need to get a project created, so I stuck with a CMS), and I've run into some conceptual problems.
I'm starting with user authentication since, well, that's basically what I consider to be the starting block of any project. To accomplish this I've loaded the session class and created a database to store "user_id" in addition to the defaults used by sessions.
I have a hook to call a loader class and activate my authentication function...
Code:
function authenticate()
{
$session_id = $this->CI->session->userdata('session_id');
$user = $this->CI->mxket->get_user_id($session_id);
$user_id = $user->user_id;
$_SESSION['user'] = $user_id;
}
Now what I'm curious is, what instead of $_SESSION['user'] would be a better mechanism for allowing the user id to be tied in with the rest of the system, and, does $_SESSION rely on the current session or must something else be added?
It seems logical to do something like...
Code:
$this->CI->session->set_userdata('user_id', 'user_id');
... But wouldn't this put it into the cookie? This is something I feel is a security risk, even with the prospect of encoding.
Is there a better way to do user authentication? I've seen several people have examples of code where they basically redirect the user to an authorization page if they're not logged in, while I feel this works, I still need to reference the user_id somehow, for further user specific authorization within my script. Also, I can't seem to assign a variable to something stored in the $_SESSION (is this even tied in with the CI session in any way?, if so, how do I use sessions to both write *some* variables to the database, but keep others private to the system and in noway become stored in the cookie? Do I need to write my own or just use the sessions built into PHP? I'm probably just not getting something pretty clear though
Question #2
I will be working on a program which will require me working with some large sets of data, but without any real complex operations, mostly selects and inserts. Am I correct in choosing MySQL as my database to do this with?
Question #3
I have large sets of data which will be universally identical between all iterations of the script. These are separated out as rows in a database, but my question is whether I would be better assigning the entire table (about 1500 rows) into an array and then just using that. Concern is, will it be worth it, and how should I approach in order to have all my clients use the same set of data without redeclaring it for each run. I don't think PHP is capable of doing something like this, so should I just stick with the DB and pulling rows when I need them?