Pulling users information from mysql table, using a $_SESSION or $_GET, PHP?

I am building a website for fun, I have a question and don't know where to look for the answer.

On a successful login, I am setting a session with the user's email and then using that to pull the necessary data from mysql. Is there any downsides to doing it like this? Or would it be better appending the user's email to the url?

How safe is it to store the user's email in a session? I thought about hashing the session, but that would also mean hashing it when they signup/ login etc, so even if the session file could be viewed开发者_如何学编程 it would take some serious hacking to get the email?

And how common is it for people to hash, both password and email? Is it really needed??

It is a bad idea to add any personal information to an URL for authorisation purposes. I would go with the hashing of the user's credentials, with a pseudorandom salt.

You should really salted-hash at last the password the very second you get it the first time - and never use the clear-text pw ever again.