在php中使用session var作为安全令牌吗？

I want to add some type of security token when a user is editing database content. I would like to check that the user has the authorization to edit and once that is establish I would like to have that token follow the user as they move through the edit pages. My thoughts are to set a session variable and then keep referring to that session variable. But my gut is telling me that something might be wrong with that idea. I guess I could keep requesting the info form the database at each page.

Yes, that is fine. Although you need to be careful:

• Employ TLS/SSL to encrypt the session identifier using HTTPS.
• Set the Secure Flag on the session cookie so that it is never leaked over plain HTTP.
• Employ HSTS to ensure users only connect to your site over HTTPS.
• Refresh the session token on login/logout to protect against session fixation.
• Never transmit the session identifier in the URL as it is vulnerable to leakage via referer header, history and proxy/server logs.

Check out the OWASP Session Management Cheat Sheet for further reading.