Why is it not good to use $_SESSION in Restful Implementations?
Posted by keisimone on Stack Overflow
Published on 2010-03-09T03:54:18Z
Original Question:
I read that for RESTful websites it is not good to use $_SESSION. Why is it not good? How then do I properly authenticate users without looking up the database all the time to check for the user's roles?
I read that it is not good to use $_SESSION.
http://www.recessframework.org/page/towards-restful-php-5-basic-tips
I am creating a WEBSITE, not a web service, in PHP, and I am trying to make it more RESTful, at least in spirit.
Right now I am rewriting all the actions to use form tags with POST and adding a hidden value called _method, which would be "delete" for a deleting action and "put" for an updating action.
However, I am not sure why it is recommended NOT to use $_SESSION. I would like to know why and what I can do to improve.
To allow easy authorization checking, what I did was, after logging in the user, store the username in the $_SESSION.
Every time the user navigates to a page, the page checks whether the username is stored inside $_SESSION, then based on the $_SESSION retrieves all the info, including privileges, from the database, and then evaluates the authorization to access the page based on the info retrieved.
Is the way I am implementing this bad? Not RESTful? How do I improve performance and security?
Thank you.
© Stack Overflow or respective owner
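
The flow described in the question (a hidden `_method` field on POST forms, the username kept in `$_SESSION`, privileges looked up on every request), written out as an added example that is not part of the original post. The function names, the in-memory privilege table standing in for the database, and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the privileges table in the database (assumption).
const PRIVILEGES = [
    'alice' => ['GET', 'PUT', 'DELETE'],
    'bob'   => ['GET'],
];

// Map a form submission to its intended verb. The hidden _method field is
// honoured only on a real POST and only for an allow-listed verb, so a plain
// GET link can never be turned into a delete or an update.
function resolveMethod(array $server, array $post): string
{
    $real = strtoupper($server['REQUEST_METHOD'] ?? 'GET');
    if ($real !== 'POST' || !isset($post['_method']) || !is_string($post['_method'])) {
        return $real;
    }
    $override = strtoupper($post['_method']);
    return in_array($override, ['PUT', 'DELETE'], true) ? $override : $real;
}

// Per-request check: the session holds only the username; privileges are
// re-read on every request, so a revoked privilege takes effect immediately.
function isAuthorized(array $session, string $method): bool
{
    $user = $session['username'] ?? null;
    if (!is_string($user) || !array_key_exists($user, PRIVILEGES)) {
        return false; // not logged in, or unknown user
    }
    return in_array($method, PRIVILEGES[$user], true);
}

// Constructed sample requests: [session contents, $_SERVER, $_POST].
$requests = [
    [['username' => 'alice'], ['REQUEST_METHOD' => 'POST'], ['_method' => 'delete']],
    [['username' => 'bob'],   ['REQUEST_METHOD' => 'POST'], ['_method' => 'delete']],
    [['username' => 'alice'], ['REQUEST_METHOD' => 'GET'],  []],
    [[],                      ['REQUEST_METHOD' => 'POST'], ['_method' => 'put']],
];
foreach ($requests as [$session, $server, $post]) {
    $method = resolveMethod($server, $post);
    printf("%-6s %-7s %s\n", $session['username'] ?? '-', $method,
        isAuthorized($session, $method) ? 'allow' : 'deny');
}
```

In a real page the first argument to `isAuthorized()` would be `$_SESSION` after `session_start()`, and calling `session_regenerate_id(true)` at login keeps a pre-login session ID from carrying over into the authenticated session.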