php storing user id in session?

Question

I am wondering what the risks are of storing the userid in a session?

then simply doing a

if(isset($_SESSION[\'user_id\'])){
  login_user($_SESSION[         


        

Answer 1

Storing a user id in $_SESSION is a reasonably common practice.

Your alternative could be to store the session information (including current user id) in a table using the session_id() in some form, as the key.

Session information is stored as plain text.

Dependant on your setup, the session location should be safe on a properly setup server. It is possible to change the location with session_save_path() which will overcome potential location issues.