Hi Guys,
I seek your wisdom on how to best prepare a script/database so that it can handle user authentication with a large number of active users.
I currently have a MySQL database with many tables, one of them "users". The users table holds information about all the users, including their username, password, email.
Currently what happens during the logon stage is the username/password are checked against those in the users DB, then a random (50 character) cookie is generated and sent back via the header to the user. The cookie is their session ID. It is also stored in the DB. This way the actual password doesn't have to be stored in a cookie.
Now, I may need to authenticate many times, but after the initial logon the session cookie will keep the data for an hour. Would it be better to store the session cookie in a temporary file instead of the DB so that the DB doesn't have to get queried for authentication every time, or would this grind the hard drive too much? (I'm thinking of using the session ID as the filename so each file only stores the user's login, and they are deleted via a cron process after they are older than 1 hour.)
I want this to be as fast and efficient as possible, while staying safe.
Please let me know how you go about authenticating in an environment that receives significant traffic. What are your practices?
As always, thanks for your great feedback and advice.
Luc L.
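
Added example, not part of the original post: the scheme described above (random 50-character session ID, server-side record, one-hour lifetime) in Python, with sqlite3 standing in for the MySQL database. The table layout, the function names and the choice to store only a SHA-256 hash of the session ID are assumptions of this example.

```python
import hashlib
import secrets
import sqlite3
import string

SESSION_TTL = 3600  # one hour, as in the post
TOKEN_LEN = 50      # 50-character session ID, as in the post
ALPHABET = string.ascii_letters + string.digits


def open_store():
    # sqlite3 in memory stands in for the MySQL database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions ("
        " token_hash TEXT PRIMARY KEY,"  # indexed: one key lookup per request
        " username TEXT NOT NULL,"
        " expires_at INTEGER NOT NULL)"
    )
    return conn


def _digest(token):
    # Only the hash is stored, so a leaked table holds no usable cookies.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_session(conn, username, now):
    # Called after the username/password check has succeeded.
    token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
    conn.execute(
        "INSERT INTO sessions VALUES (?, ?, ?)",
        (_digest(token), username, now + SESSION_TTL),
    )
    return token  # this value goes into the cookie


def authenticate(conn, token, now):
    # Expiry is enforced here, so a late cleanup job never extends a session.
    row = conn.execute(
        "SELECT username FROM sessions WHERE token_hash = ? AND expires_at > ?",
        (_digest(token), now),
    ).fetchone()
    return row[0] if row else None


def purge_expired(conn, now):
    # Housekeeping only (the cron job in the post); returns rows removed.
    cur = conn.execute("DELETE FROM sessions WHERE expires_at <= ?", (now,))
    return cur.rowcount
```

The same logic applies to a file-backed store: the expiry check belongs in the lookup, and the periodic cleanup only reclaims space.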