Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Update another users session data
Update another users session data
  • Offline taskone
    Junior Member
  • **
  • Posts: 12
    Threads: 3
    Joined: May 2015
    Reputation: 0
#1
06-20-2015, 12:19 PM

Hey,

So I am working on implementing roles / permissions function to my site. I am currently storing in my db a table that holds the users id and also the group id value. On log in this is added to the users session data and I am then using this to control content that can be viewed and permissions in the site.

It's working just fine - however should I elevate a users permissions level, there initial user data will remain unchanged, as such their group id changes within the group table but not within the session table - effectively rendering the update pointless.

The user is required to log out / in to reflect the change - I'd like to be able to push this change to their session data.

Is it possible to implement this somehow? Ideally I'd like to avoid db calls on the restricted pages, as the point of using the session data is to reduce the overhead from running queries against the database on page loads constantly.

Ideally I'd like to be able to set something along the following -

PHP Code:
$session_data = array('id' => '1''role' => '5');
$this->session->set_userdata($session_data); 

With this applying the update to the user with an id of 1 and not myself for example.

Thanks for any help you can offer!
Reply
  • Offline Wouter60
    Posting Freak
  • *****
  • Posts: 851
    Threads: 38
    Joined: Feb 2015
    Reputation: 77
#2
06-20-2015, 11:29 PM

Typically, writing to the session data, affects your own session only.
What you could do, is check the user's role in the database on every page request.
There are several ways to do that, e.g. autoload a helper function or a library. Or base all your controllers on "MY_Controller" and put the code in the constructor of MY_Controller.
If the role in the database differs from the current role in the session, reload all user permissions and update the complete session. That way, the page that is being loaded, will only have the content that this user is allowed to see.
Reply
  • Offline taskone
    Junior Member
  • **
  • Posts: 12
    Threads: 3
    Joined: May 2015
    Reputation: 0
#3
06-22-2015, 02:54 AM
(This post was last modified: 06-22-2015, 02:54 AM by taskone.)

hmmmm I was hoping to avoid querying the database on each page load ( or when the Controller is called to be exact... )

I'll revisit my approach to this I think.

Thanks for your help!
Reply
  • Offline CroNiX
    Senior Member
  • ****
  • Posts: 428
    Threads: 0
    Joined: Jan 2015
    Reputation: 25
#4
06-22-2015, 06:43 AM

If you're using the database to store sessions, you're already querying the database on each page load.
Reply
  • Offline mwhitney
    Posting Freak
  • *****
  • Posts: 1,101
    Threads: 4
    Joined: Nov 2014
    Reputation: 95
#5
06-22-2015, 08:29 AM

Your best bet for avoiding a database read is probably to use one of the caching mechanisms to store the user/role/group data rather than the session.
Bonfire
Practical CodeIgniter 3
CodeIgniter Testing Guide
Reply




Theme © iAndrew 2016 - Forum software by © MyBB