I am using Symfony2 but this question is pretty general.
I want to login a user and right after the login, let him choose from a certain amount of "roles". These roles are objects in the database carrying a lot of configuration with them.
Question: What is the best practice of storing what role the User chose?
Session? But it's bad practice to store objects in sessions, isn't it? Id of the role in the Session? Id (or a hash of it) of the role in a cookie?
Thanks for your thoughts.
分享 Definitely store the session ID instead of the whole object. Specially if the object's data won't change from user to user. In fact, if the object's data won't change over time, you could potentially use one of several techniques to cache it.
Whether you use cookies or sessions to store the information depends on your requirements. If you need to store additional data (other than the ID of the role), and require such data to be safe from being edited, then you should consider using sessions, since they prevent the user from editing the stored data manually. Otherwise, using cookies is more efficient, since the server doesn't have to deal with all the hassle of session storing and retrieving.
分享
