Disadvantages of storing session data in MySQL?

[eluser]Devyn[/eluser]
Hi,
I'm developing a php game with CodeIgniter and my system is going to accept some data that I don't want to be changed by user.
Since cookie is not secure, storing session data in MySQL is one of the option.
However, I have no idea what will happen to server resources when request/seconds or concurrent users get higher.
Please give me some pro and con for this way.
If someone know some way better than this, please share with me
Thank you all in advance!

[eluser]überfuzz[/eluser]
It's hard to see any down sides in storing session based info in a session-array... What is it you're going to store, more explicit?

[eluser]Devyn[/eluser]
Hi,

I'm going to store 5 parameter:

1.)a string with value "abc,def,afd,jksd,lkj,iyw,zvy,poi"
2.)an integer with value 1 to 13
3.)an integer with value 0 and 1
4.)an integer with value 1 to 1000
5.)an integer with value 1 to 10000

my values seems confusing but it's a necessary for my project.
So is it possible to do that?

Thanks again.

[eluser]überfuzz[/eluser]
Store the info in the session array and use that array while your user is hooked up to the game. That way you can access the info fast. When ever the player does an upgrade or something major you store it in the sql-table.

[eluser]Devyn[/eluser]
So I'm assuming I can continue with that way.
Thanks überfuzz for yr fast reply. You Rock!

[eluser]jedd[/eluser]
[quote author="Devyn" date="1253233117"]
I'm developing a php game with CodeIgniter and my system is going to accept some data that I don't want to be changed by user.
Since cookie is not secure, storing session data in MySQL is one of the option.
[/quote]

What makes you think cookies aren't secure?

You can [url="http://ellislab.com/codeigniter/user-guide/libraries/encryption.html"]encrypt[/url] your [url="http://ellislab.com/codeigniter/user-guide/libraries/sessions.html"]session data[/url] by setting $config['encryption_key'] in your config/config.php file.

This makes your session data / cookie particularly secure, and would probably be much easier than the kinds of things you're looking at doing.

[eluser]n0xie[/eluser]
If you are going to develop an high volume site, take a look at memcache. Then again, what is high volume? By the time you need to scale up (or out) you have much bigger problems to deal with ;-)

[eluser]Devyn[/eluser]
[quote author="jedd" date="1253239231"][quote author="Devyn" date="1253233117"]
I'm developing a php game with CodeIgniter and my system is going to accept some data that I don't want to be changed by user.
Since cookie is not secure, storing session data in MySQL is one of the option.
[/quote]

What makes you think cookies aren't secure?

You can [url="http://ellislab.com/codeigniter/user-guide/libraries/encryption.html"]encrypt[/url] your [url="http://ellislab.com/codeigniter/user-guide/libraries/sessions.html"]session data[/url] by setting $config['encryption_key'] in your config/config.php file.

This makes your session data / cookie particularly secure, and would probably be much easier than the kinds of things you're looking at doing.[/quote]

I have search on the Internet and most of them say we can encrypt the cookie but hacker can still access the data and change.
I'm developing a card game so I'm afraid to store value of cards in cookie.
Can you please lead me some way to make bullet proof of cookie data?

[eluser]Devyn[/eluser]
[quote author="n0xie" date="1253239387"]If you are going to develop an high volume site, take a look at memcache. Then again, what is high volume? By the time you need to scale up (or out) you have much bigger problems to deal with ;-)[/quote]

I'll try memcache for sure and thanks for the advice.
My game is for facebook so I would like to make my app as robust as possible and use resource as less as possible

[eluser]jedd[/eluser]
[quote author="Devyn" date="1253240092"]
I have search on the Internet and most of them say we can encrypt the cookie but hacker can still access the data and change.
[/quote]

A lot of people on the Internet say a lot of things. Unsurprisingly, most of it is bollocks.

If you're really concerned, encrypt your data before you push it into your session - that way you'll have data that is encrypted by a mechanism that people can't break, twice.

What you could also do is send a copy of your encrypted cookie to one of those People On The Internet and ask them to find the contents. Offer them a million dollars if they can do it. Use a fake email address, just in case, and if they ever find you tell them the fine print of the deal clearly specified ZWD's.

Btw, just how sophisticated do you believe the kinds of people who play card games on facebook really are?