I am trying to write my own MVC to practice PHP code architecture.
I just discovered the concept of Dependency Injection (...and DI containers in general - currently using PHP DI) and their purposes - which is amazing - I do not pass a database instance for every class which uses the "Database" class, or use a static method to inject the database object $this->db = getDbInstance(); which breaks the testing.
In terms of the database situation, this is the best option I have found.
I have a "SystemUser" class, responsible for: fetching users' data, logging in a user, setting the user session secret/token, checking if a user is logged in, etc.
I am currently saving to my $_SESSION some SystemUser data (mainly for validation and login purposes) like: 'user_id', 'isLoggedIn', 'secret', 'token', 'user_ip', 'loginTimestamp', etc...
but I do have to create and pass a new "SystemUser" instance to other classes which use it. For example: On every new page I check if the user is still logged in, or has permissions to view a certain feature, and re-grab the user data from the session.
I was wondering if it's considered "good practice"/common to fetch an already created "SystemUser" object from a container, and always refer to it.
Are there any risks? Security risks? Is there any reason why most of the tutorials online save a logged-in user's details in a session and not in a container?