Where to store information using php - Best Practice

Question

first of all sorry if my english will be a little bad!

I'm a newbie of PHP programming and i've some questions:

I'm developing a website using PHP. In this site i have a login: more of one php page is accessible only to logged user, and in all of this pages i check if the user is logged using $_SESSION["user"] variable, that, if it is instantied, contains the username. Is repeating this control each page a bad practice? What are alternatives?

Then, an user could be an admin or a tester and i get this information doing a query when i need (more of one time for the same session of the user). Should i use another $_SESSION variable to store these informations? and check this variable where i need? (In this moment i do a query to get (again) this information).

Is to use a SESSION variable secure?

I ask because i've same code in more pages, and this doesn't seem a good practice.

Regards, Luca

Answer 1

In my opinion, depending on the structure of your code, you could create a php file which will work as a controller and will have some basic configuration all of your other pages will inherit.

$_SESSION is not a bad idea as long as you use it correctly. Since the user is logged in from the very start, you can keep in session the important information, like their username or their role permission in order to be able to call them immediately without making connections to the database constantly.

But you have to be careful on the security of this issue too, as there is always the risk of someone affecting this data from the browser. So the session should have an expiration time limit and the data should be encrypted.

These configurations could be set up from your main php class, and as a result inherit the methods of this class methods on every other php page you are using.