On 09/18/2009 11:13 AM, Tina Mueller wrote:
> How does the user invalidate that "session"? (in case the cookie leaked or something like that). Or how can the website owner log out a certain user?

When you generate the hash for the cookie, you can also include the timestamp and the IP address of the client. If the cookie leaks it can't be used (unless the person who steals it is also on the same NAT'd network and uses it quickly). But you'll have that same problem anyway.

> Is one select per request that bad? If the website is completely dynamic you will probably have other requests as well?

One extra select on every request can add up. In most web architectures the DB is a scarce shared resource.

> If you care about the number of selects you should IMHO better save those with the help of caching.

Caching of sessions could help, but if you don't need to go down that road, why do it in the first place?

--
Michael Peters
Plus Three, LP
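
An added example, not part of the message above or of any project's code: a stateless cookie whose keyed hash covers the user name, the issue timestamp and the client IP address, so it can be checked without a database select. HMAC-SHA256, the `|` cookie layout, the key, the 900-second lifetime and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
MAX_AGE = 900                         # assumption: cookie lifetime in seconds


def _sign(user, issued, ip, key):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    fields = (user.encode(), str(issued).encode(), ip.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_cookie(user, ip, now=None, key=SECRET_KEY):
    """Build 'user|issued|mac'; the IP is bound into the MAC but not stored."""
    issued = int(time.time() if now is None else now)
    return f"{user}|{issued}|{_sign(user, issued, ip, key)}"


def verify_cookie(cookie, ip, now=None, key=SECRET_KEY, max_age=MAX_AGE):
    """Return the user name if the cookie is valid for this client, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, issued_s, mac = parts
    if not (issued_s.isascii() and issued_s.isdigit()):
        return None
    issued = int(issued_s)
    # Recompute the MAC with the IP of the *current* request: a cookie
    # replayed from a different address no longer matches.
    expected = _sign(user, issued, ip, key)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The signed timestamp bounds how long a leaked cookie stays usable.
    now = time.time() if now is None else now
    if not 0 <= now - issued <= max_age:
        return None
    return user
```

A replay from behind the same NAT address within `MAX_AGE` still verifies, which is the residual case the message describes.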