[ad_1]
[ad_2]
I started using $_SESSION and it's working fine.
Then I find people saying to never use $_SESSION because of a whole list of issues like if you're using a load balancer and security issues.
However, I see many posts on various sites explaining how to use $_SESSION and many people are using it.
What's the alternative? Cookies?
I looked into cookies but cannot for the life of me figure out how to encrypt the content of a cookie. This seems like it would be a common things but, I don't know, maybe it's not possible.
I just don't want to keep hitting the database every time I want to retrieve some user info.
Sessions are generally bad mojo because they’re not configured correctly on most hosting systems.
What kind of user data are you storing in sessions?
Encrypt cookies like passwords are encrypted in wordpress, if you need it.
So, your password is stored hashed.
If you login, the password you’re sending is checked by hashing it and then compare to hashed value.
You could do the same with cookies …. but …
Who consumes cookies? The client, not server, so hashing them and compare them to server-side hashed …. is rendering the use of cookies useless.
Maybe, you could tell us a bit more what information you like to store in cookie?
In normal cases you store things like cart, user information etc in cookies. Nothing user doesn’t already know, since it’s their data.
Other websites **can’t** access cookies for your site.
Depends on the use case I guess, but localStorage on the client side. Make sure it’s nothing sensitive, same security implications as cookies but more flexible.