Hello guys, I need some suggestions about which class I should use between CDbHttpSession and CHttpSession.
We are building an E-commerce site with Yii framework.
Customer security issues are the most critical thing we need to consider.
After separating my client application between Server A and MySQL storage in Server B,
I then had some issues when using the session component:
- Using CDbHttpSession,
When I call
Yii::app()->user->hasState('orderDetails') => returns false.
When I call this again, or even a third time, it does pass. Yii::app()->user->hasState('orderDetails') => finally returns true.
I am guessing that it is caused by the communication with Server B? Delay? Timeout?
- Using CHttpSession,
The problem described above doesn't arise. The customer goes through the payment page and is redirected to a 3rd party site (of the bank). When the customer returns less than 1 minute later, the user gets disconnected. What's more embarrassing is that it doesn't happen every time, just 1/3 of the time.
So I decided to create a local session database for server A using CDbHttpSession. I have a feeling this could be dangerous, such as if our server A is hacked, the session variable could be hacked too, and all the information could be hacked.
So, I am hoping to find some solutions for these issues, and also suggestions regarding security on this matter.
Thanks a lot.