Query with session : Is this the correct way?

Question

I have developed a membership script with php for learning and I have confused in a session issue: In login.php, after username and password query there is:

$_SESSION['user'] = $aut_user['user_name'];
$_SESSION['user_id'] = $aut_user['user_id'];

and after this, page redirects to user.php. In user.php I have used this query:

$id = $_SESSION['user_id'];
$sql = sprintf("SELECT *FROM members WHERE user_id = '%d' ", $id);

My question is; Which is the correct way:

1. assign all table items (id, username, user nick vs) in login.php
2. a query based on session in user.php

Thanks in advance

Answer 1

I would use your option 2:

Query the user data as when you need it based on the user id you have stored in the session.

There is no need to store data you migh not need in the session.

As Marco Ceppi has stated, the user data might actually change depending on the users interaction with your site, e.g. updating a profile. You wouln't want to have to update the database and the session.