Is it a good practice to carry DB values in session variable or in a cookie?
Is it a good practice to carry DB values in session variable or in a cookie?
It's a usual practice to save some values as session variables (like the user ID), not in a cookie, as a cookie can be changed by the user. Just remember to regenerate the session ID when your user's rights change (login, logout, going to an admin page, etc.) to avoid session hijacking problems.
It all depends on what these values are and/or the quantity of data.
For example, you wouldn't store a password or a huge BLOB of data in a cookie.
Sticking with a session id in the cookie is usually the best practice.