When a user is authorized on the site, a session is created for him, in which, among other things, his login is saved.
If the user changes the username by the administrator, the user needs to re-create the session (log off and log back in) for the changes to be visible to him.
The question is: how, when changing the login in the database, immediately update the data in the session file, knowing the ID of this session?

I understand that knowing the ID you can open the session file, iterate over it and replacing the data - save again, but can there be a more correct option?

  • 2
    Do you need this solution - that is, overwrite the session in the file? Since you can simply put some flag for the user in his table such as updateSession. When the admin changes the login, he sets the flag to true. As the user accesses the server, this flag is checked and if it is true, the session is overwritten with the updated data, and the updateSession flag is set to false. - Daniel Abyan
  • Overwriting a session to a file is not the best idea - since PHP has many settings for the session. For example, access to session files may not be asynchronous, and if a user whose login is changed accesses the server, then at the moment it will not be possible to change the session file because it is busy. Or a session may not be stored in a file, but let's say in memcached. Or a session can contain a session of not one user, but several. In addition, there are two session saving algorithms in PHP and most likely both will need to be supported (ini_get ("session.serialize_handler")). - Daniel Abyan
  • @DanielAbyan Your comments are good answer! - gofr1
  • Regarding the storage of flags - of course, you can. But the idea is just to minimize the number of queries to the database. It is also necessary somewhere to shove an extra query to the user's table, and taking into account that this change can occur at any time - this query should be everywhere, and given that it may be needed every five years, then all these five years it will be absolutely not required request. Therefore, the question arose. I started digging from the Redis side, as far as I understand - what I need to do with it will be much easier in the sessions. Do I get it right? - hender
  • Yes, over Redis can solve this problem. Sessions will be stored in operational memory - which in turn is available from all corners of the site. In addition, performance will increase because the data will be read from the RAM, and not from the drive. But this is the case if your site really needs it. If there is no urgent need, the integration of one more technology into the site can add problems. You can look here - Daniel Abyan

0