OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

easy retrieval of session data implemented #102

Closed mebjas closed 10 years ago

mebjas commented 10 years ago

Currently, for retrieving session values we need to call getData(); however, it's better to store the values in the $_SESSION array, which is currently empty. It will result in easier access.

coveralls commented 10 years ago

Coverage increased (+0.03%) when pulling eef69e7efeaec57e2d29b87d4ed004947a76a115 on mebjas:session_var into f926bf1b911aae3bc03d2b9f6c2fe09abf7a3726 on OWASP:master.

mebjas commented 10 years ago

But how does that affect it? Storing set data to this variable will ensure easy retrieval (rather than having to call a function). Also, we are using no session_start(), so scope is limited to the current page only. To me this looks similar to setcookie() & $_COOKIE: one will use $_SESSION in their logic whenever they want to read it, and $obj->setData() to set the value for future use. Also, accessing data from memory would be faster than DB access.

SvenRtbg commented 10 years ago

Not using session_start() is one of the problems, because if it is being used elsewhere, it will change the global variable without anyone knowing or noticing. And really, what is the difference between using the clean version of $session->getData('foo') and the problematic $_SESSION['foo'] - additionally if you don't support writing to $_SESSION but have to use the method call.

mebjas commented 10 years ago

You are actually right.
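
The problem SvenRtbg describes above, as an added example that is not part of the thread or of phpsec's code. MirroredSession is a hypothetical stand-in for a session class whose setData() mirrors values into $_SESSION without calling session_start(); an in-memory array is assumed in place of the database store.

```php
<?php
// Added illustration, not phpsec code. MirroredSession is hypothetical.
ini_set('session.use_cookies', '0');   // lets the script run from the CLI without cookie headers
ini_set('session.cache_limiter', '');  // no cache-control headers either

final class MirroredSession
{
    /** @var array<string, mixed> stands in for the database-backed store */
    private array $store = [];

    public function setData(string $key, $value): void
    {
        $this->store[$key] = $value;   // authoritative copy
        $_SESSION[$key] = $value;      // convenience mirror in the superglobal
    }

    public function getData(string $key)
    {
        return $this->store[$key] ?? null;
    }
}

$session = new MirroredSession();
$session->setData('user_id', 42);
$before = $_SESSION['user_id'] ?? null;      // mirror is visible at this point

// Unrelated code (a framework, another library) starts a native session.
// PHP re-initialises $_SESSION from its own storage, so keys that were only
// mirrored into the global disappear without any error or notice.
session_start();
$afterStart = $_SESSION['user_id'] ?? null;  // mirrored key is no longer present
$viaMethod  = $session->getData('user_id');  // the method call is unaffected

// Reverse direction: a write to the superglobal never reaches the store,
// so callers still have to use setData() for anything that must persist.
$_SESSION['role'] = 'admin';
$roleInStore = $session->getData('role');

session_destroy();                           // clean up the native session file
var_dump($before, $afterStart, $viaMethod, $roleInStore);
```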