What are the best practices for storing PHP session data in a database?

Question

I have developed a web application that uses a web server and database hosted by a web host (on the ground) and a server running on Amazon Web Services EC2. Both servers may be used by a user during a session and both will need to know some session information about a user. I don't want to POST the information that is needed by both servers because I dont want it to be visible to browsers / Firebug etc. So I need my session data to persist across servers. And I think that this means that the best option is to store all / some of the data that I need in the database rather than in a session. The easiest thing to do seems to be to keep the sessions but to POST the session_id between servers and use this as the key to lookup the data I need from a 'user_session_data' table in the database.

I have looked at Tony Marston's article "Saving PHP Session Data to a database" - should I use this or will a table with the session data that I need and session_id as key suffice? What would be the downside of creating my own table and set of methods for storing the data I need in the database?

Answer 1

If transfer speed and response times between EC2 and the database server are good enough, I see no problem with storing the session data as described, and passing the session_id along when transfering the user to a different server.

--

Storing session data in a database is pretty common practice. "Storing data on a session" does not imply any actual storage method – creating files on disk is simply PHP's default setting, since it doesn't require any setup.