2

Is there anyway to store users data such as userid, email, etc to be accessible from all pages of a website after they have logged in, but without using sessions or cookies?

For example:

class User
{
  var $userid;
  var $username;
  var $email;

  .. methods..
}

after they login at login.php

$currentUser = new User($_POST['username'])

now, how do I access $currentUser from another page, such as index.php if I shouldn't use sessions or cookies at all?

so that I could do the following in index.php:

if ($currentUser->userid > -1)
{
  echo "you are logged in as: " . $currentUser->username;
}
else
{
  echo "click here to login";
}

i asked a similar question before, here, but the answers didn't fulfill my needs.

Improve this question
6
  • But this is the whole reason we use sessions. Can I ask why you don't want to use a session or a cookie? Commented May 26, 2010 at 23:00
  • @Sev: Why not? Could you provide us a reason you don't want to use it? Then we can provide you a better answer. Commented May 26, 2010 at 23:18
  • @Sev: Sessions are absolutely the way to go for globalizing stuff for a user's session (eg for the entire time they're logged in). That's why they're called sessions. However they are not good to use for globalizing stuff for just one request, as it wastes space serverside by saving everything after the request is over. And yes, I recommend storing your objects in the session. My recommendation to keep your OOP style is to store a Session object (singleton, maybe?) in your session to encapsulate the session, and just interact with that. See my answer below for a quick example. Commented May 26, 2010 at 23:24
  • You can store user data in something like memcache, but you'll need to give the user some sort of cookie so you know which set of user data to retrieve from cache. Commented May 26, 2010 at 23:27
  • @Frank: Which would basically be a session. Commented May 27, 2010 at 0:00

3 Answers 3

Reset to default
4

If you're over-the-top gung-ho with regards to OOP and refuse to directly interact with sessions/cookies, I'd strongly suggest you simply encapsulate sessions instead of remaking them. Even something as simple as this:

//oopsess.php
<?php
    class Session{
        ...
    }

    session_start();

    function getSession(){
        //return the session if one exists
        if (isset($_SESSION['sessionObject']))
            return $_SESSION['sessionObject'];

        //otherwise save and return a new one
        $_SESSION['sessionObject']=new Session();
        return $_SESSION['sessionObject'];
    }
?>

Easily adaptable if you want to store the data clientside - in a cookie - instead of just storing the session id client side (which is what this does).

Edit: Also, teasing aside with regards to OOP, if your code is all very OOP, this is actually a genuinely good way to keep your code clean - not just a way to satisfy your OOP-hungry cravings as I implied above ;)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I'm just trying to find out what the best-practices are in the case of logging in, etc. Although I admit, I am slightly hungry for pure OOP PHP coding ;)
@Sev: This is the way to do it. On login, you could simply modify the sessionObject. Or perhaps better would be to add a User member to the session object, and have it null unless they're logged in. Sessions are the generally accepted best way to store session data.
@Sev: np. One idea to consider which I've seen done before is storing a session id as a cookie and keeping the session in your db. The cool thing about doing that is it allows admin full and easy control over sessions. Plus you can implement neat things like gmail's "log out other sessions" feature. Food for thought :)
1

It's a little far-fetched, I admit:

Edit: The site seem to be popular these days, they will be back online tomorrow. Basically, the study says, that browsers alone are able to provide fingerprint-like data to their vis-à-vis.

Improve this answer

1 Comment

lol. It's still a session by definition, though. Just using different data to identify that session.
0

Sev Said "One idea to consider which I've seen done before is storing a session id as a cookie and keeping the session in your db. The cool thing about doing that is it allows admin full and easy control over sessions. Plus you can implement neat things like gmail's "log out other sessions" feature. Food for thought :)"

Just a note that we do this and it works great.

Improve this answer

2 Comments

Actually I said that. Also, this would probably have been best to add as a comment under my answer, rather than an answer itself. Oh and welcome to stackoverflow :)
Yeah, I figured that -- but I couldn't figure out how to add a comment under yours....... I found the add comment link under this, but there doesn't seem to be one anywhere else. What am I missing? :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.