a-ok Posted December 21, 2018 Share Posted December 21, 2018 Just a quick q. re https://processwire.com/docs/security/sessions/ – is this also related to https://processwire.com/api/ref/session/ – so if I was to create a session it would store it on the DB instead? I'm just thinking this could be useful for HTML5 sessionStorage etc. Thanks! Link to comment Share on other sites More sharing options...
LostKobrakai Posted December 23, 2018 Share Posted December 23, 2018 The text is talking about server side session handling. The default in php is to store files in the filesystem with session identifiers, which historically was more prone to security issues on shared hostings than the database. Most services I use nowadays got their filesystem permissions properly under control though, so this hopefully is a thing of the past. Php does also support other storages for sessions out of the box like redis or memcache. ProcessWire also comes with SessionHandlerDB, which stores the session identifier in the MySQL database next to all the other data it needs to store. This is an easy solution, but makes your application more difficult to scale independently depending on the load you get. $session is the API variable, by which you work with said php session of users in ProcessWire. Everything mentioned by now is totally unrelated to client side storage like the html5 sessionStorage. This has the name "session" in it not because it somehow relates to server side session handling, but because it lasts only for a certain browser session a.k.a. it's wiped as soon as you close your browser. It's just a property for the "Storage" it provides in terms of expiration of data. Depending on what you want to do server side sessions and the sessionStorage of your browser can both provide a solution, but ultimately they work vastly different and you need to decide based on the tradeoffs what you should ultimately use. 2 Link to comment Share on other sites More sharing options...
adrian Posted December 23, 2018 Share Posted December 23, 2018 Just one additional comment to @LostKobrakai's great reply. HTML5 sessionStorage is basically the same as HTML5's localStorage except that it is only stored for the current session whereas localStorage is kept forever unless intentionally cleared. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now