in reply to Re: (fongsaiyuk) info from one page to another.
in thread info from one page to another.

<tip> When using server-based session management, instead of storing lots of user data in the session consider storing only the row id from the user's login profile in the session. That way with one quick query to the database on a page reload you have all the user profile information.</tip>

This tip is particularly important to bear in mind if you're at all security conscious. It isn't particularly hard to manipulate session data, whether it's munged in the URL, or in a cookie, or wherever. If the only piece of information there is an ID that points to the real data, it's a lot harder to set that data.

This of course means that you shouldn't use autoincremented values for this ID, unless you don't mind someone deciding that they'd rather be user 123143 instead of 124124.

I've come across quite a few major ecommerce websites (including large public companies) who had URLs along the lines of http::www.wherever.com/cgi-bin/view_return?id=1233 to let you see the details of your return, and who would quite happily let you see the details of return 1232, 1231 etc as well...

Tony

  • Comment on Re: Re: (fongsaiyuk) info from one page to another.

In Section Seekers of Perl Wisdom