Alternative to codeigniter session for getting user data

Question

I am still a beginner at codeigniter and have been picking up bits and pieces from here and there.

I have built a website using codeigniter that is used by a few people to enter information about their team members and the progress of each member.
in the database, each user has the ID of his team (teams are defined in another table). whenever each user logs in, I save his team ID as a userdata session with $this->session->set_userdata.
and anytime he is inserting data or needs to display data about his team, i would get the ID from the session data and save it into a variable to be used in my code.

My question here, is to try and see if what i am doing is healthy, and secure, and to see if i can have a way to do it without using sessions.

Thank you.

Answer 1

What you are doing is completely fine, and is actually rather common. Just keep in mind, sessions aren't meant to store large amounts of data, but IDs and basic information is fine. More or less, a session uses a cookie as a unique identifier that points to a session file or db entry (if you are using CI db sessions) where the data is stored (see: How secure are PHP sessions? ). This data isn't accessible to the user, and can only be edited by server-side scripts, but sessions can be hijacked (see: Preventing session hijacking ) but I wouldn't worry too much about that (see: How to prevent session hijacking in CodeIgniter 3 , author Narf wrote/co-wrote the session lib for CI).

Long story short, what you are doing is common and fine. Use sessions to your hearts content for basic stuff. You will always need some unique identifier to point back to the user id, so don't try and avoid sessions.