I have a question for you PHP gurus. In the past I've designed my code around not putting sensitive info in $_SESSION. I don't know where I picked up the habit and I don't know if there's any reason behind it.
My question is is it good practice to use $_SESSION to store sensitive information? For example, a $_SESSION['access_level'] variable that determines whether or not a user can access certain parts of the site? In the past my approach was to store something less sensitive like $_SESSION['username'] and then use SQL to determine access levels on the fly, but if I can avoid the extensive SELECT's by storing the info in memory, I'd like to.
Can somebody advise?