I have stores a unique session id in session when user logged in using session_regenerate_id() funciton . Every time user gets loged in in my website he will get a fresh session id.
now i want to save some of his data in a db table. I want to know how should i store data so that the new table gets foreign key from the user id of main table. Because i want to relate that information with the user id that is stored in main table. I dont want to store main table ID column in session as user_id because of security. Please all you big developers suggest me a good way in core PHP instead of frameworks.
Developers Will easily understand what i want to ask . I am a bit new :)
THANKS so much Faysal
When using session, a random string is generated to identify a user - this string is called session ID. Session ID is stored in cookies. Cookies are sent to the web server with every request. On the server, session ID is then connected with session data.
Attacker can't change the session data, therefore, storing a user ID in session is not a security threat.
For cases when an attacker steals someone's session ID, for protection you can check if the user agent and IP address are the same as when session was created. If not, just destroy the session.
To identify a user, you need to connect session with a user. Doing so through a chain of tables in database doesn't provide any security.