On Fri, Mar 18, 2011 at 11:19 AM, Stuart Dallas <stuart@xxxxxxxx> wrote: > On Friday, 18 March 2011 at 17:14, Torsten Rosenberger wrote: > > > I'm curious to know what people are storing in their sessions. Is there > anything larger than a few hundred bytes that is specific and unique to that > session storage? What are the use cases for server-side session storage > because it seems like I'm missing something? > > > > I store user rights in the session but also possible to do it with a DB > query every time. > > Why not store those in an encrypted cookie? Unless we're talking about more > than a couple of hundred bytes I see no reason to store them separately > server-side or to hit the DB each time. Stuart, would you not agree that sending any amount of data over the wire takes more time than passing it over an internal network? From my perspective the tradeoffs of cookies vs. server side session storage are application performance and cost of ownership. An application will be more responsive if less data is sent over the wire on each request however running a distributed session store on the server side can be expensive monetarily. Storing session data in cookies has it's merits, but I think they start to loose their benefits on large sites. The way I see it they can be a great way to cope with startup costs and server-side complexity on low traffic sites. -nathan
