473,324 Members | 2,193 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Should a class directly reference $_SESSION?

Daz
Hi everyone. I'm just wondering if it's considered bad practice to
have a class read from and write to the $_SESSION super global. I was
just learning a little about object serialization, and I've come to
the conclusion that storing potentially large serialized objects in a
database is perhaps a bad idea. The data could also be stored in a
file, but in that case, I may as well use $_SESSION. If I'm going to
go down that road, why not store object states in the $_SESSION super
global?

I can see that this could cause problems with regards to ambiguous
names on larger projects, but will I be struck by lightening if I have
objects instantiate from the $_SESSION super global, and manipulate
is? Obviously, my object would check to see if there is a session
first, but $_SESSION can then be used by other classes and which can
do the same, and manipulate it also.

Also, perhaps security is an issue in the sense that variables could
be removed by other classes, which could lead to problems, but it's no
more dangerous than using $_GLOBALS IMHO.

What concerns me is that I've never actually heard of objects using
the $_SESSION super global like this which leads me to believe I might
be missing something.

I'd be interested to hear anyone's thoughts on the matter.
Jul 28 '08 #1
4 2116
Daz wrote:
Hi everyone. I'm just wondering if it's considered bad practice to
have a class read from and write to the $_SESSION super global. I was
just learning a little about object serialization, and I've come to
the conclusion that storing potentially large serialized objects in a
database is perhaps a bad idea. The data could also be stored in a
file, but in that case, I may as well use $_SESSION. If I'm going to
go down that road, why not store object states in the $_SESSION super
global?
No, it's not necessarily bad for a class to use the $_SESSION
superglobal. But it's generally not a good idea to store any large
amount of data in the $_SESSION, a file or a database. It will slow
down the system and could take a lot of disk space. But it depends. If
the data comes from a database in the first place, I'll just store an ID
and refetch the data. It has the additional advantage of getting fresh
data (in case it was changed by someone else).
I can see that this could cause problems with regards to ambiguous
names on larger projects, but will I be struck by lightening if I have
objects instantiate from the $_SESSION super global, and manipulate
is? Obviously, my object would check to see if there is a session
first, but $_SESSION can then be used by other classes and which can
do the same, and manipulate it also.
When I do use the $_SESSION variable from a class, I normally prefix the
data with the class name. Multiple values I use an array, i.e.
$_SESSION['class_myclass']['x'] = $x;
Also, perhaps security is an issue in the sense that variables could
be removed by other classes, which could lead to problems, but it's no
more dangerous than using $_GLOBALS IMHO.
That's why I use the classname as a prefix.
What concerns me is that I've never actually heard of objects using
the $_SESSION super global like this which leads me to believe I might
be missing something.

I'd be interested to hear anyone's thoughts on the matter.
Not at all. Not necessarily all that common - but that's because a lot
of people aren't using objects.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jul 28 '08 #2
Interesting Topic/Post

I, just out of the blue last week decided to use the
$_SESSION['class_myclass']['x'] = $x; with an application I writing.
I feel $_SESSION is rather secure. Now I'm wondering how much data is
too much data? My problem is, information is going into the database
mostly rather than out. Issue I have with an old application(which
this one is replacing) is null records and fields. I'm eliminating
that by a better designed database and storing filtered data in
$_SESSION. Users don't like to click "cancel". The only problem I can
think of that I'll run into is if a user decides to upload a file, but
I don't have that in design, either text or a point(url) to the data.
Jul 28 '08 #3
On Jul 28, 4:46*pm, Daz <cutenfu...@gmail.comwrote:
Hi everyone. I'm just wondering if it's considered bad practice to
have a class read from and write to the $_SESSION super global. I was
just learning a little about object serialization, and I've come to
the conclusion that storing potentially large serialized objects in a
database is perhaps a bad idea. The data could also be stored in a
file, but in that case, I may as well use $_SESSION. If I'm going to
go down that road, why not store object states in the $_SESSION super
global?

I can see that this could cause problems with regards to ambiguous
names on larger projects, but will I be struck by lightening if I have
objects instantiate from the $_SESSION super global, and manipulate
is? Obviously, my object would check to see if there is a session
first, but $_SESSION can then be used by other classes and which can
do the same, and manipulate it also.

Also, perhaps security is an issue in the sense that variables could
be removed by other classes, which could lead to problems, but it's no
more dangerous than using $_GLOBALS IMHO.

What concerns me is that I've never actually heard of objects using
the $_SESSION super global like this which leads me to believe I might
be missing something.

I'd be interested to hear anyone's thoughts on the matter.
I would say it is bad practice to have your classes alter or read any
$_SESSION variables. Instead, its best to pass these variables to the
method/class, and then return them and have your controller assign
them to sessions or whatever else.
Jul 29 '08 #4
On Jul 28, 10:46 pm, Daz <cutenfu...@gmail.comwrote:
Hi everyone. I'm just wondering if it's considered bad practice to
have a class read from and write to the $_SESSION super global. I was
just learning a little about object serialization, and I've come to
the conclusion that storing potentially large serialized objects in a
database is perhaps a bad idea. The data could also be stored in a
file, but in that case, I may as well use $_SESSION. If I'm going to
go down that road, why not store object states in the $_SESSION super
global?

I can see that this could cause problems with regards to ambiguous
names on larger projects, but will I be struck by lightening if I have
objects instantiate from the $_SESSION super global, and manipulate
is? Obviously, my object would check to see if there is a session
first, but $_SESSION can then be used by other classes and which can
do the same, and manipulate it also.

Also, perhaps security is an issue in the sense that variables could
be removed by other classes, which could lead to problems, but it's no
more dangerous than using $_GLOBALS IMHO.

What concerns me is that I've never actually heard of objects using
the $_SESSION super global like this which leads me to believe I might
be missing something.

I'd be interested to hear anyone's thoughts on the matter.
It sort of depends on your version of 'large', and whether you really
need all the data/objects for every page invocation.

One caveat is to think about what will happen if the user opens a
second (or third or...) window using the same session but trying to
interact with a different subset of data.

C.
Jul 30 '08 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Yoyoma_2 | last post by:
Hello, i'me having a wierd problems with sessions. PHP 4.3.3, Register globals is on, and the sessions module is installed. if i have a page like this: <? session_start(); $_SESSION="blue";...
5
by: Golf Nut | last post by:
hello all! I would like to create a session class which would transparently handle sessions as well as serialize, encode and compute an md5 hash of all $_REQUEST information. This would...
2
by: xu | last post by:
Hi, i'm quite new with PHP. I was wondering if i get a reference or a copy back when i try to retrieve it at page2.php $foobar = $_SESSION; // page1.php .... $myobject = new MyObject();...
106
by: A | last post by:
Hi, I have always been taught to use an inialization list for initialising data members of a class. I realize that initialsizing primitives and pointers use an inialization list is exactly the...
13
by: cgough | last post by:
My true programming language is C++. I am at best a VB6 hacker that is just getting into VB.NET. I have a quick question about when to new and when not to new. Consider the following 2 classes....
3
by: Jon | last post by:
All, I'm currently building a custom Content Management system for a site we're working on, and am stuck. Currently, I am using a couple of classes to run most of the queries throughout the...
8
by: Bruno Alexandre | last post by:
Hi guys, I'm using a session to save an ArrayList, so I do not read Database everytime user reload the page or enter the site (the Data is consistent for all entire session time when the user is...
3
by: dischdennis | last post by:
Hello List, I would like to make a singleton class in python 2.4.3, I found this pattern in the web: class Singleton: __single = None def __init__( self ): if Singleton.__single: raise...
6
by: Patient Guy | last post by:
I am a newcomer to using PHP but not to programming (C, C++, Javascript). I am playing around with classes and wanted to make a function that has a method simply for producing either plain text...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.