Session variables
I know that the session ID is stored on the users' machine in either the cookie or in the URL, but where are the session variables stored? Are they somehow transferred between the client and the server during the network request, or are they stored on the server exclusively?
I ask because I'm not in the habit of trusting session variables. Instead, I use a double-blind number combination stored in the session to varify if the session is valid. Then I compare that with data I put in a MySQL database, including their IP, and the time of their last visit. The problem with this strategy, is that I'm making 2 database queries for each pageview. One to get the data, another to update it.
I suspect that this is too much of a drain on the server. Should I instead rely exculsivly on session variables?
I ask because I'm not in the habit of trusting session variables. Instead, I use a double-blind number combination stored in the session to varify if the session is valid. Then I compare that with data I put in a MySQL database, including their IP, and the time of their last visit. The problem with this strategy, is that I'm making 2 database queries for each pageview. One to get the data, another to update it.
I suspect that this is too much of a drain on the server. Should I instead rely exculsivly on session variables?
