1

I have some information like the user full name and the profile picture that I need to access this information all the time in mysql. (all pages that he visits)

I was thinking to get this information once when user login and store this in a COOKIE. So every page I get this information in this cookie to avoid mysql connection for this everytime. (if the cookie is not set or lost date, I check mysql).

is it a good solution or a no sense one? can I have problems doing this? anyone has tried some similar thing?

thank you friends!

EDIT: I don't want to store LOGIN information in a cookie, I have SESSION for this. Just want to set a cookie for irrelevant information, his profile picture, his full name... not login access data.

RGS
  • 4,062
  • 4
  • 31
  • 67
  • 1
    Sessions > Cookies for personally identifiable information like this. – Darren Feb 19 '16 at 06:26
  • @Darren I save session in mysql, so in the end, I need to check mysql to get it... but yeah, I need to get session anyway so I can store this there. thank you – RGS Feb 19 '16 at 06:32
  • Possible duplicate of [Storing information in cookie to remember login](http://stackoverflow.com/questions/6384776/storing-information-in-cookie-to-remember-login) – Rahul Feb 19 '16 at 06:52
  • http://stackoverflow.com/questions/6384776/storing-information-in-cookie-to-remember-login?rq=1 – Rahul Feb 19 '16 at 06:52
  • @RahulDambare I just want to store his name and his profile picture... not his access data. – RGS Feb 19 '16 at 06:54

1 Answers1

1

Just like Darren suggested, you should never use cookies for personal information - those are rather easy to be recovered from public computers. Besides, there's no real drawback of loading the MySQL every time, unless you're very tight on bandwidth. My suggestion would to use a script like this:

$sql = new mysql("localhost", "Some_user", "some_password", "some_db");
$handle = $sql -> query("SELECT * FROM users_or_something");
while ($row = $handle -> fetch_object()){
   $name = $row -> name;
   $img_url = $row -> img;
   //...

}

And then...

include "db_load.php";

in every page.

Or even better, include it in your login processing page, then use $_SESSION[] to pass it between your scripts.

For faster logins, you could however store some user ID as a cookie and then, if the user opts in for auto-login, look for it. In that case, make the login page (index.php)? look for it before displaying a login form.

From a purely technical point of view, you can store pretty much anything as a cookie, if you can retrieve it. There's nothing (technically) wrong with what you're suggesting.

InterCity
  • 102
  • 7
  • thank you for your answer friends! In fact I have both, session and cookies. Session is for the username and user_id to access my website login. BUT I would create a cookie for some irrelevant information, such as his full name and profile picture. I don't want to store his login information in a cookie! – RGS Feb 19 '16 at 06:58
  • 1
    @Rick Joe: That will work. As I said, there's nothing wrong with it. I just doubt that would be much an improvement, since you're basically loading the same thing from another place. Do what you're more comfortable with. My personal choice is MySQL. – InterCity Feb 19 '16 at 07:24