• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Update another users session data

#1
Hey,

So I am working on implementing roles / permissions function to my site. I am currently storing in my db a table that holds the users id and also the group id value. On log in this is added to the users session data and I am then using this to control content that can be viewed and permissions in the site.

It's working just fine - however should I elevate a users permissions level, there initial user data will remain unchanged, as such their group id changes within the group table but not within the session table - effectively rendering the update pointless.

The user is required to log out / in to reflect the change - I'd like to be able to push this change to their session data.

Is it possible to implement this somehow? Ideally I'd like to avoid db calls on the restricted pages, as the point of using the session data is to reduce the overhead from running queries against the database on page loads constantly.

Ideally I'd like to be able to set something along the following -

PHP Code:
$session_data = array('id' => '1''role' => '5');
$this->session->set_userdata($session_data); 

With this applying the update to the user with an id of 1 and not myself for example.

Thanks for any help you can offer!
Reply

#2
Typically, writing to the session data, affects your own session only.
What you could do, is check the user's role in the database on every page request.
There are several ways to do that, e.g. autoload a helper function or a library. Or base all your controllers on "MY_Controller" and put the code in the constructor of MY_Controller.
If the role in the database differs from the current role in the session, reload all user permissions and update the complete session. That way, the page that is being loaded, will only have the content that this user is allowed to see.
Reply

#3
hmmmm I was hoping to avoid querying the database on each page load ( or when the Controller is called to be exact... )

I'll revisit my approach to this I think.

Thanks for your help!
Reply

#4
If you're using the database to store sessions, you're already querying the database on each page load.
Reply

#5
Your best bet for avoiding a database read is probably to use one of the caching mechanisms to store the user/role/group data rather than the session.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.