Good day experts, please tell me on the website every time we generate a page, you create a query in the database, the token from the cookie is checked the user authorization, if the token matches, then the session stored user data (just to not make global variables). And so on each page.
In General, the question arose, when generating ajax request, in which it is important to obtain reliable data of the user whether to do an additional query to the database? or you can pull out of session? In other words is it possible to tamper with the data session from a browser for example? I.e. whether the user can change the value of session handles, such as cook?