
Session Management Vs Session Hijacking - Webmasters - Nairaland


Poll: Where do you save your sessions?

I dont know: 12% (1 vote)
File: 37% (3 votes)
Dbase: 50% (4 votes)
This poll has ended


Session Management Vs Session Hijacking by Nobody: 4:11pm On Sep 20, 2009
So, let's talk business. First, I need to know how you guyz manage your sessions.
Sessions are either stored in files (by default) or dbase by design... Let's start from dia.
Re: Session Management Vs Session Hijacking by nitation(m): 8:56am On Sep 21, 2009
For security reasons, it is proper to save sessions in DB rather than the default file location. Beginners and intermediate developers though find it hard to manipulate. All in all, it's a good approach.

- nitation
Re: Session Management Vs Session Hijacking by Nobody: 10:36am On Sep 21, 2009
Exactly. That is why I put the first option - "dont know" means file (or most likely not database). Now, no one else is talking, and this is a very important area bordering on security. Or is it just that you folks just want to do your site with any standards and move on?
Re: Session Management Vs Session Hijacking by yawatide(f): 1:49pm On Sep 21, 2009
But what is a database but a directory full of files (tables)?
Re: Session Management Vs Session Hijacking by Nobody: 2:41pm On Sep 21, 2009
But of course. . .what were you. . . thinking?
Re: Session Management Vs Session Hijacking by nitation(m): 5:02pm On Sep 21, 2009
@ DHTML && Yawatide

You don't expect people to comment because it's not about HTML and Flash, or website review. Na d problem with our peeps be that. They prefer to run away from important issues and attend to unproductive arguments.

We can give tutorials on how to go about it. Both procedural and OOP for whoever that's interested.

- nitation
Re: Session Management Vs Session Hijacking by Nobody: 8:21pm On Sep 21, 2009
I can almost count the people that are likely to contribute to this thread on this entire board - not up to 10 !
They prefer to copy and paste (the majority) - well, i thought so before starting the thread - but lets see
what will/may happen - sometimes you may be surprised. . .
Re: Session Management Vs Session Hijacking by digitalize(m): 8:28pm On Sep 21, 2009
Pls, do you mean session (in PHP)? If yes, I have been creating and using sessions for long in PHP and I am not aware of how it's being saved, let alone saving it in a database. Pls, how can one achieve this?
Re: Session Management Vs Session Hijacking by askphantom(m): 9:12pm On Sep 21, 2009
Let me be clear.

session will be user session (I presume).

Well, I use cookies but usually encounter problems of cookies being disabled. Session does not last as long as cookies. A combination of the two is also nice; have not actually tried it.

Database is much better. You create a unique identifier and store it in the DB. But if the user does not end the session the user information will be left vulnerable to theft, unlike cookies and sessions, where you can set a session expiry time.

My knowledge is based on PHP.
Re: Session Management Vs Session Hijacking by yawatide(f): 1:39am On Sep 22, 2009
Session does not last as long as cookies.

I respectfully will beg to differ. You can make a session last as long as you want - from a few seconds to forever.
Re: Session Management Vs Session Hijacking by Nobody: 9:09am On Sep 22, 2009
Exactly, yawatide. Now as to not ending the session, you can set an expiry time for your session whether file or dbase. After that period, it is no longer valid. But if it is in dbase, it is kinda more secure. Then again, you need to be careful what you put inside your sessions so that if it gets hijacked, damages may be minimal. Now we are just getting to the basics, we have not started hijacking sessions yet. Hopefully someone will talk sessions vs SSL (I mean that https:// bla bla bla).

If you do not know where your cookies are stored, then it usually means file storage 'cos that is the default! So now, when cookies are expired, the PHP gc - aka garbage collector - will delete them later on.
Re: Session Management Vs Session Hijacking by Nobody: 9:13am On Sep 22, 2009
Lemme add quickly here that if you manage your cookies in dbase, then it becomes easier to track people who are online, guest and registered members. . .
Re: Session Management Vs Session Hijacking by yawatide(f): 10:17am On Sep 22, 2009
I think this is a give and take situation - what if the db wasn't properly designed and is hacked into? Then what? Besides, I am all for shifting as much work to the client's browser as possible. Make im follow suffer small
Re: Session Management Vs Session Hijacking by biggjoe(m): 11:14am On Sep 22, 2009
*dhtml:

Lemme add quickly here that if you manage your cookies in dbase, then it becomes easier to track people who are online, guest and registered members. . .
Just like sessions too, if you are able to capture the time each session begins.
Re: Session Management Vs Session Hijacking by kolitos007: 11:39am On Sep 22, 2009
I don't know why people think it's best to store everything in the database. I don't like it; I prefer to store sessions in files, I like to have as little work done on the database as possible.

Is it not just best to have sessions that are stored in a tmp folder? This you can change in your php.ini folder, and you can have it cleared every so often. Is that not secure too?

Well what do I know, just an intermediate developer
Re: Session Management Vs Session Hijacking by nitation(m): 12:21pm On Sep 22, 2009
The simple answer to your point kolitos is because, the more interactive your program becomes, the more the database involvement. By your tone, it seems you haven't worked on large applications in the past or else, you should have a general idea about what we are talking about.

Kudos to your observation though:

- nitation
Re: Session Management Vs Session Hijacking by kolitos007: 12:30pm On Sep 22, 2009
Yes I have worked on large interactive data, I work in a company that we provide learning applications for schools, this involves a lot of logins and cookie sessions.

It depends on what you want, we don't like to stress on the database, which will affect the server. You can secure your database even if its all session stored in files.

We use ruby on rails for client and server communication, this does not involve storing loads of messages on the database. I just prefer it that way.
Re: Session Management Vs Session Hijacking by Nobody: 12:57pm On Sep 22, 2009
Dbase management... and stuffs is another topic entirely - which I will rather not talk about here. But there are many ways of making your database work properly. I am not an expert yet in this area, but I am very much more better than before. Because, some people believe dbase handling is just creating tables and dumping and retrieving just like that...

As for whether it is files or dbase that is best, i think you should do a quick research on that one. But i know that by default
joomla uses dbase, same with SMF and they store large amount of data!
Re: Session Management Vs Session Hijacking by kolitos007: 1:02pm On Sep 22, 2009
*dhtml:

Dbase management... and stuffs is another topic entirely - which I will rather not talk about here. But there are many ways of making your database work properly. I am not an expert yet in this area, but I am very much more better than before. Because, some people believe dbase handling is just creating tables and dumping and retrieving just like that...

As for whether it is files or dbase that is best, i think you should do a quick research on that one. But i know that by default
joomla uses dbase, same with SMF and they store large amount of data!

Well said dhtml.
Re: Session Management Vs Session Hijacking by nitation(m): 2:26pm On Sep 22, 2009
Yes I have worked on large interactive data, I work in a company that we provide learning applications for schools, this involves a lot of logins and cookie sessions.

It depends on what you want, we don't like to stress on the database, which will affect the server. You can secure your database even if its all session stored in files.

We use ruby on rails for client and server communication, this does not involve storing loads of messages on the database. I just prefer it that way.

Some of your points require proper explanation. "How does DB involvement affect a server when the application is properly developed" . I mean in every way possible.

Secondly, I think your organisation needs to take a proper look into the security fence of Ruby and Rails as Twitter and 37signals have suffered a blow, as their front-ends were developed using Ruby with malformed UTF-8 sequence.

Finally, I will say this and I don't expect you to accept! Imagine a situation whereby your website requires more than one server for it to satisfy its task. You have to handle the sessions across all servers, isn't it? How would you go about that if you have it (sessions) reside on a tmp file on a single server?

Session handling and manipulation goes beyond "several logins for school" no offense.

- nitation
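
The database-backed storage discussed in the posts above, as an added example that is not code from any poster in this thread: a PHP session handler that enforces the expiry time on every read, keys rows by a hash of the session ID so a compromised table does not expose live cookie values, and can sit on a database shared by several web servers. It assumes PHP 8 with pdo_sqlite; the `DbSessionHandler` class and the `sessions` table are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example (PHP 8+, pdo_sqlite); class and table names are hypothetical.
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $pdo, private int $ttl = 1800)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS sessions (
            id_hash TEXT PRIMARY KEY, data TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    }

    // Key rows by a hash of the session ID: a leaked table then holds no usable cookie values.
    private function key(string $id): string { return hash('sha256', $id); }

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // Expiry is checked on every read; gc() only removes dead rows later.
        $st = $this->pdo->prepare('SELECT data FROM sessions WHERE id_hash = ? AND expires_at > ?');
        $st->execute([$this->key($id), time()]);
        $data = $st->fetchColumn();
        return $data === false ? '' : (string) $data;
    }

    public function write(string $id, string $data): bool
    {
        $st = $this->pdo->prepare('REPLACE INTO sessions (id_hash, data, expires_at) VALUES (?, ?, ?)');
        return $st->execute([$this->key($id), $data, time() + $this->ttl]);
    }

    public function destroy(string $id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id_hash = ?')->execute([$this->key($id)]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // Uses the per-row expires_at written above rather than $max_lifetime.
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE expires_at <= ?');
        $st->execute([time()]);
        return $st->rowCount();
    }
}

// Constructed demo: in-memory SQLite stands in for a database shared by all web servers.
$handler = new DbSessionHandler(new PDO('sqlite::memory:'), 1800);
session_set_save_handler($handler, true);
session_start(['cookie_httponly' => true, 'cookie_secure' => true]); // cookie sent over HTTPS only
$_SESSION['user_id'] = 42;     // keep session contents minimal
session_regenerate_id(true);   // new ID at login; the old row is destroyed
session_write_close();
echo $handler->read(session_id()) !== '' ? "stored\n" : "missing\n";
```

In production the PDO connection would point at the shared database server rather than `sqlite::memory:`, which is what lets every web server behind a load balancer see the same sessions.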
Re: Session Management Vs Session Hijacking by kolitos007: 2:38pm On Sep 22, 2009
First off, good points. I like valid points and I always raise my hands when someone makes a good point about what they are saying. Secondly, each school uses only 1 login, based on certificates which we would have given them; frankly I don't want to go deep into that anyway.

But you have made your point working across different servers, so that is cool I understand, but personally as its like a vote, i just prefer storing sessions as files. I am not trying to say this is better, hope you understand that.

Thank you
Re: Session Management Vs Session Hijacking by xanadu: 4:23pm On Sep 22, 2009
nitation:

@ DHTML && Yawatide

You don't expect people to comment because it's not about HTML and Flash, or website review. Na d problem with our peeps be that. They prefer to run away from important issues and attend to unproductive arguments.

We can give tutorials on how to go about it. Both procedural and OOP for whoever that's interested.

- nitation

nitation:

The simple answer to your point kolitos is because, the more interactive your program becomes, the more the database involvement. By your tone, it seems you haven't worked on large applications in the past or else, you should have a general idea about what we are talking about.

Kudos to your observation though:

- nitation

As usual - what a blatant display of arrogance and petty patronage!
Re: Session Management Vs Session Hijacking by kolitos007: 4:34pm On Sep 22, 2009
xanadu:

As usual - what a blatant display of arrogance!

hehe, Mate, we already know what he is like lol, without knowing who he is talking to, he just always assumes, I just listen to the guy, he is the master hehe
Re: Session Management Vs Session Hijacking by nitation(m): 4:49pm On Sep 22, 2009
@ Xanadu

On the contrary, you are totally off topic! What is wrong with this forum, once we can't provide substantial response to a topic or we observe that someone is commenting positively, the next thing is to insult! You don't fucking have any reserve right to label me in such manner - Maggot!

@ Kolitos

Were you waiting for someone to help you to insult nitation all this while. So you have a burning worm in your left stomach for the past months. Common whats wrong with your guts.

@Moderators

I hope you guys are viewing cos it's totally uncalled-for

- nitation
Re: Session Management Vs Session Hijacking by nitation(m): 4:54pm On Sep 22, 2009
@ Xanadu

I think you are mixing this room for Games or Politics. You better borrow a binocular.

Rubbish
Re: Session Management Vs Session Hijacking by kolitos007: 5:01pm On Sep 22, 2009
nitation:

@ Xanadu

On the contrary, you are totally off topic! What is wrong with this forum, once we can't provide substantial response to a topic or we observe that someone is commenting positively, the next thing is to insult! You don't fucking have any reserve right to label me in such manner - Maggot!

@ Kolitos

Were you waiting for someone to help you to insult nitation all this while. So you have a burning worm in your left stomach for the past months. Common whats wrong with your guts.

@Moderators

I hope you guys are viewing cos it's totally uncalled-for

- nitation

Right you are calling on the moderator, and yet you use such abusive language, which is true, what that dude was saying, shows a large amount of arrogance and disrespect towards others, there is one thing to help people there is another talking down at people.

Simple thing say things to people, but then you pass comments that are insulting, like "from your tone you have not worked on big projects before". I don't know who you are and I won't say that to you; even if you haven't done so there was no need for that. I even acknowledged the points you made, but yet I did not throw any abuse towards you, or act with such a barbaric attitude to others.

Show some standard in the way you talk, and maybe you will bring respect to yourself give respect to earn respect no matter what you do.
Re: Session Management Vs Session Hijacking by nitation(m): 5:08pm On Sep 22, 2009
Saying you haven't worked on larger project was disrespectful? I didn't realise that! The motive wasn't to insult or down-grade your potentials! You know what you know, if it works for you - so be it. I am not in any position to force you to believe or read my facts right. Again, there is nothing wrong with you haven't developed the so-called " bigger project". I am not an employer who's interested in anybody's CV. The point here was all about Saving sessions in DB or the default location.

Anyway, That thing you're looking for, I know it.
S O R R Y
if you misunderstood me.

- nitation
Re: Session Management Vs Session Hijacking by yawatide(f): 5:11pm On Sep 22, 2009
Potential war/cautioning averted.

If only life were any simpler, the world would be a better place
Re: Session Management Vs Session Hijacking by nitation(m): 5:17pm On Sep 22, 2009
@ Yawatide

You are very correct here. It all resolves to your signature line "Great minds attack issues, little minds attack personalities"

press my button on the next line it's important.

- nitation
Re: Session Management Vs Session Hijacking by xanadu: 5:36pm On Sep 22, 2009
nitation:

@ Xanadu

On the contrary, you are totally off topic! What is wrong with this forum, once we can't provide substantial response to a topic or we observe that someone is commenting positively, the next thing is to insult! You don't fucking have any reserve right to label me in such manner - Maggot!

@nitation - your response is no different than I expected. Your immediate response to my initial post, where I exposed your comments as full of arrogance and patronage, confirms exactly what I said.

Tell me: what exactly is 'positive' about your comments about Nairalanders above? What is positive about your comments about @kolitos? Take a look again, and tell me.

You know what? You have gotten away with this for so long, you did not expect anyone to call you to order. You make yourself a tin-god with all your 'cut-and-paste knowledge', and you think a public forum is a place to belittle people who come here to learn and share?

nitation:

@ Xanadu

On the contrary, you are totally off topic! What is wrong with this forum, once we can't provide substantial response to a topic or we observe that someone is commenting positively, the next thing is to insult! You don't fucking have any reserve right to label me in such manner - Maggot!

And you dare call out to the moderators - really? The reason I quoted your statements is so you can go back and take a closer look at them - the moderators should do so too, and see if, in all sincerity, I was wrong in my opinion.

This is not like me to go this way - but as I said, I think someone needs to call you to order. And hopefully the message will go across to all the self-acclaimed 'experts' who see Nairaland as a place to ride roughshod over people who have genuinely come here to learn and share.

Listen - and listen good. You could very, very easily have contributed to this thread without making anyone feel 'small' for contributing to this thread. Why resort to the comments you made above?  

You have a choice here - you can either apologise and decide to change, or crawl into your arsenal of insults to pick fresh ones to throw at me - it matters not.

The moderators you have called upon have a choice too - look through all the statements I highlighted above and see whether or not my comments about the DISPLAY of arrogance is correct or not - or let this sort of thing go on - again, it matters not.

What matters is that someone has had enough of the patronage and arrogance displayed on some threads on Nairaland, and has made bold to let that known.
Re: Session Management Vs Session Hijacking by xanadu: 5:38pm On Sep 22, 2009
@nitation,

Your apology and my reply - in which I had asked for an apology, not to me of course - crossed.

I have now seen it, and am happy it has gone this way. I am sure @kolitos is happy as well.

Well done, and thank you.
Re: Session Management Vs Session Hijacking by nitation(m): 6:04pm On Sep 22, 2009
I can see you have a well detailed evidence against me. Trust, the battle cannot be won if stubbornness is the next lane to cross. And your post about cut-and-paste knowledge, where was that coming from? Anyway, I have a lot on my sleeve this evening and I wouldn't wanna continue to prove myself right for no one.

Xanadu - You called it arrogance, I say it's passion.

I will let NL be and let the best help with problems.

More grace to your elbow

-nitation
