Well, this is more to stir a debate than anything...or at least good reference point for people to choose correctly. Each person has their own beliefs in performance. Each use can be based on project. So basically, which is better: 1. Storing user sessions in MySql (or other DB)... 2. Letting the server handle it... I wish I could contribute! -j
Woah, 100% of people say 'Storing sessions on the Server.'. This seems a somewhat single sided vote Righty, let me cover this: 1. Storing user sessions in MySQL is a good way of doing things, though is slow and not great for big sites. A better idea would be to have checks on the username, password then comparing a sessionid with whats set in the DB and $_Session. 2. Comparing with what is posted and set by the server does work, but it's not 100% secure. I would recommend a mixture of both.
Not enough info to pick a side here. What needs to be known most importantly are: 1. Are we on a shared or dedicated server? 2. What sort of data is being stored?
I agree with phper. More specific information should have been provided which would help the members go for the right choise.
Depends on your use and with your server setup. Maybe you have your site running on cluster of servers and hosting your DB on a different set of servers, then you'd probably think of caching your not so sensitive data on your web server. You may store ID's or frequently accessed data (not so confidential ones) in server sessions too.