Welcome to the new platform of Programmers Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use it's exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.
PHP good practices question
I have a question for you PHP gurus. In the past I've designed my code around not putting sensitive info in $_SESSION. I don't know where I picked up the habit and I don't know if there's any reason behind it.
My question is is it good practice to use $_SESSION to store sensitive information? For example, a $_SESSION['access_level'] variable that determines whether or not a user can access certain parts of the site? In the past my approach was to store something less sensitive like $_SESSION['username'] and then use SQL to determine access levels on the fly, but if I can avoid the extensive SELECT's by storing the info in memory, I'd like to.
Can somebody advise?