I also prefer database storage.

The rest of my application data is already in there. A database can have
better security, because it has its own permission and authentication
system, while file-based sessions often end up owned by "nobody", which
other users on a shared system can access.

I'm not so concerned about "faster", since databse storage is "fast
enough".

I think the only reason /not/ to use database storage is because the
database isn't be used for anything else. In that case, I would consider
file storage for simplicity.

Last edited by shabbir; 6Dec2008 at 19:24.. Reason: Confine links to signatures.