When creating a web application, and let's say you have a User object denoting a single user, what do you think is the best way to store that the user has logged in?
Two ways I've thought about have been:
Any better suggestions, any issues with using the above ways? Perhaps security issues or memory issues, etc, etc.
In both scenarios you are storing session data - the difference is that in one case you are storing it on the server and in the other at the client. If the user id is stored in a cookie then, even if it is encrypted, it is possible for someone else to copy the data and impersonate the authenticated user.
getElementById('password').value; localStorage.setItem("user", user_name); localStorage.setItem("pass", user_pswd); // Retrieve document.
I recommend storing the id rather than the object. The downside is that you have to hit the database every time you want to get that user's information. However, unless every millisecond counts in your page, the performance shouldn't be an issue. Here are two advantages:
If the user's information changes somehow, then you won't be storing out-of-date information in your session. For example, if a user is granted extra privileges by an admin, then those will be immediately available without the user needing to log out and then log back in.
If your session information is stored on the hard drive, then you can only store serializable data. So if your User object ever contains anything like a database connection, open socket, file descriptor, etc then this will not be stored properly and may not be cleaned up properly either.
In most cases these concerns won't be an issue and either approach would be fine.
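The difference described in the answer above, as an added example (not code from the original answers): a server-side session that stores only the user id next to one that stores a copy of the User object. The in-memory dicts stand in for a database and a session store, all names are assumptions for illustration, and the example also covers privilege revocation, which is the same staleness problem in the other direction.

```python
import copy
import secrets
from dataclasses import dataclass, field

@dataclass
class User:
    id: int
    name: str
    roles: set = field(default_factory=set)

# Constructed stand-in for the user table in a database.
USERS = {1: User(1, "alice", {"reader"})}

# Server-side session stores, keyed by an unguessable random token (the cookie value).
SESSIONS_BY_ID = {}      # token -> user id
SESSIONS_BY_OBJECT = {}  # token -> snapshot of the User object

def login(user_id):
    """Create both kinds of session for comparison; return the cookie token."""
    token = secrets.token_urlsafe(32)
    SESSIONS_BY_ID[token] = user_id
    # deepcopy mimics what serializing the object into a session store does
    SESSIONS_BY_OBJECT[token] = copy.deepcopy(USERS[user_id])
    return token

def current_user_from_id(token):
    """Id in session: one lookup per request, always current data."""
    user_id = SESSIONS_BY_ID.get(token)
    return USERS.get(user_id) if user_id is not None else None

def current_user_from_object(token):
    """Object in session: no lookup, but the data is frozen at login time."""
    return SESSIONS_BY_OBJECT.get(token)

def logout(token):
    """Dropping the server-side entry makes a copied cookie useless."""
    SESSIONS_BY_ID.pop(token, None)
    SESSIONS_BY_OBJECT.pop(token, None)

def demo():
    token = login(1)
    USERS[1].roles.add("editor")        # admin grants a privilege mid-session
    fresh = set(current_user_from_id(token).roles)
    stale = set(current_user_from_object(token).roles)
    USERS[1].roles.discard("reader")    # admin revokes a privilege mid-session
    after_revoke = set(current_user_from_id(token).roles)
    still_cached = set(current_user_from_object(token).roles)
    logout(token)
    return fresh, stale, after_revoke, still_cached, current_user_from_id(token)
```
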