Yii Framework Forum: Storing sensible information in session - Yii Framework Forum


Storing sensible information in session

#1 Kike

Posted 07 June 2010 - 12:11 PM

Hello all,

I need to store some sensible information related to the user to be retrieved very quickly each time the user makes a request. My first thought was to put it in the session with the setState() method and avoid making a request to the User table each time, but if I activate allowAutoLogin then this information is stored in the cookie and can be viewed and changed by the user.

Is it possible to configure something to store this information in the session but not store it in the cookie?

What is the best approach to do something like this? I was thinking of some cache mechanism or encrypting that value in the cookie...

Regards:
Kike
0

#2 gallego123

Posted 07 June 2010 - 01:07 PM

Kike, on 07 June 2010 - 12:11 PM, said:

Hello all,

I need to store some sensible information related to the user to be retrieved very quickly each time the user makes a request. My first thought was to put it in the session with the setState() method and avoid making a request to the User table each time, but if I activate allowAutoLogin then this information is stored in the cookie and can be viewed and changed by the user.

Is it possible to configure something to store this information in the session but not store it in the cookie?

What is the best approach to do something like this? I was thinking of some cache mechanism or encrypting that value in the cookie...

Regards:
Kike


http://www.yiiframew...oc/cookbook/60/
KISS - Keep It Simple Stupid
ASAP-As Soon As Possible
http://www.yiiframew...oc/cookbook/71/
0

#3 frantic

Posted 07 June 2010 - 01:12 PM

What kind of information are you talking about? If you only want to display this data to the user, it's not terrible if the user changes this information. If you are planning to use this information further in your SQL queries, then yes, it's not safe in this case, and the user changing the cookies may lead to undesired results. But why store the data in cookies in this case? You will call the database to change any data for the user anyway, so why not call the User table and retrieve the needed parameters from there?
-1

#4 Kike

Posted 08 June 2010 - 04:49 AM

Thanks for the responses,

Horacio, I tested that solution but it requires doing a query to the DB each time the user makes a request and that's what I want to avoid.

Frantic, the info I want to store defines the next queries to the DB, so if the user changes it he will be able to access data he is not allowed to see. So it is very important that it can be retrieved quickly and not be changed by the user.

What's the best way to solve the problem? Sessions, caches, cipher params in cookies... Thanks in advance.

Regards:
Kike
0

#5 Mike

Posted 08 June 2010 - 05:21 AM

Why don't you simply use Yii::app()->session?
1

#6 gallego123

Posted 08 June 2010 - 05:25 AM

Kike, on 08 June 2010 - 04:49 AM, said:

Horacio, I tested that solution but it requires doing a query to the DB each time the user makes a request and that's what I want to avoid.


cook 60 is just a (very good) example
you can add all the functions you want to the WebUser component

and you're wrong if you mean "loadUser"
it queries only
if ($this->_model === null)

(sorry for my English)
0

#7 Kike

Posted 08 June 2010 - 06:33 AM

Mike, thank you very much for your response. I have tested storing it in the session variable and it is working fine. According to what I watched with Firebug, what I store in the session variable (Yii::app()->session['myvar'] = 'myvalue') is never stored on the client side, so it's completely sure to store it there. I would be pleased if you could confirm it.

Horacio, I'm not sure what you are trying to tell me; between two different HTTP requests I think it is impossible for me to retrieve the data without making another request to the DB. If you could give an example, that would be great.


Thank you very much.

Kike
0

#8 Mike

Posted 08 June 2010 - 06:36 AM

Sometimes solutions are easier than they look ;)
0

#9 gallego123

Posted 08 June 2010 - 09:31 AM

Kike, on 08 June 2010 - 06:33 AM, said:

I store in the session variable (Yii::app()->session['myvar'] = 'myvalue') "is never stored in the client side" so it's completely sure to store it there. I would be pleased if you could confirm it.


@Mike
is this true?
0

#10 Mike

Posted 08 June 2010 - 09:34 AM

Yes. Sessions are kept on server only. User state data is stored in cookie (client) if autoLogin is true.
1
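
The approach the thread settles on, as an added example that is not from the original posts or from the Yii project: a Yii 1.1 WebUser component that keeps the query-scoping value in the server-side session and reloads it from the database once per login (including cookie auto-login) instead of once per request. The User model, its scope_id column, the accessScope session key and the Order model in the usage comment are assumptions.

```php
<?php
// protected/components/WebUser.php: added example, not code from the thread.
// Assumed config: 'user' => array('class' => 'WebUser', 'allowAutoLogin' => true)
class WebUser extends CWebUser
{
    const SCOPE_KEY = 'accessScope'; // hypothetical session key

    /**
     * CWebUser calls this after a form login and after a cookie-based
     * auto-login, so the value is loaded once per login, not per request.
     */
    protected function afterLogin($fromCookie)
    {
        parent::afterLogin($fromCookie);
        $this->loadScopeIntoSession();
    }

    /**
     * Value that restricts later queries. It is read from the server-side
     * session only, never from identity states that may be put in the cookie.
     */
    public function getAccessScope()
    {
        if ($this->getIsGuest()) {
            return null;
        }
        $session = Yii::app()->session;
        if (!isset($session[self::SCOPE_KEY])) {
            $this->loadScopeIntoSession();
        }
        return $session[self::SCOPE_KEY];
    }

    private function loadScopeIntoSession()
    {
        // User and scope_id are hypothetical names for the user table model.
        $user = User::model()->findByPk($this->getId());
        if ($user === null) {
            $this->logout(); // account removed since the cookie was issued
            throw new CHttpException(403, 'Account is no longer valid.');
        }
        Yii::app()->session[self::SCOPE_KEY] = (int) $user->scope_id;
    }
}

// Usage in a controller (Order is a hypothetical model):
// $rows = Order::model()->findAllByAttributes(
//     array('scope_id' => Yii::app()->user->accessScope));
```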
