Create account



CodeIgniter.com Twitter      


  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Update another users session data

Offline taskone
Junior Member
**
Posts: 12
Threads: 3
Joined: May 2015
Reputation: 0
#1
06-20-2015, 12:19 PM
Hey,

So I am working on implementing roles / permissions function to my site. I am currently storing in my db a table that holds the users id and also the group id value. On log in this is added to the users session data and I am then using this to control content that can be viewed and permissions in the site.

It's working just fine - however should I elevate a users permissions level, there initial user data will remain unchanged, as such their group id changes within the group table but not within the session table - effectively rendering the update pointless.

The user is required to log out / in to reflect the change - I'd like to be able to push this change to their session data.

Is it possible to implement this somehow? Ideally I'd like to avoid db calls on the restricted pages, as the point of using the session data is to reduce the overhead from running queries against the database on page loads constantly.

Ideally I'd like to be able to set something along the following -

PHP Code:
$session_data = array('id' => '1''role' => '5');
$this->session->set_userdata($session_data); 

With this applying the update to the user with an id of 1 and not myself for example.

Thanks for any help you can offer!
Find
Reply

Offline Wouter60
Posting Freak
*****
Posts: 852
Threads: 37
Joined: Feb 2015
Reputation: 77
#2
06-20-2015, 11:29 PM
Typically, writing to the session data, affects your own session only.
What you could do, is check the user's role in the database on every page request.
There are several ways to do that, e.g. autoload a helper function or a library. Or base all your controllers on "MY_Controller" and put the code in the constructor of MY_Controller.
If the role in the database differs from the current role in the session, reload all user permissions and update the complete session. That way, the page that is being loaded, will only have the content that this user is allowed to see.
Find
Reply

Offline taskone
Junior Member
**
Posts: 12
Threads: 3
Joined: May 2015
Reputation: 0
#3
06-22-2015, 02:54 AM (This post was last modified: 06-22-2015, 02:54 AM by taskone.)
hmmmm I was hoping to avoid querying the database on each page load ( or when the Controller is called to be exact... )

I'll revisit my approach to this I think.

Thanks for your help!
Find
Reply

Offline CroNiX
Senior Member
****
Posts: 428
Threads: 0
Joined: Jan 2015
Reputation: 25
#4
06-22-2015, 06:43 AM
If you're using the database to store sessions, you're already querying the database on each page load.
Find
Reply

Offline mwhitney
Posting Freak
*****
Posts: 1,101
Threads: 4
Joined: Nov 2014
Reputation: 95
#5
06-22-2015, 08:29 AM
Your best bet for avoiding a database read is probably to use one of the caching mechanisms to store the user/role/group data rather than the session.
Bonfire
Practical CodeIgniter 3
CodeIgniter Testing Guide
Find
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.