Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Need help reducing database requests to check if a user is logged in
Need help reducing database requests to check if a user is logged in
  • El Forum
    Guest
  •  
#1
12-25-2009, 06:51 PM

[eluser]zsoerenm[/eluser]
Hello,

I build a function "logged_in()" to check if a user is logged in.
Each time it is called it checks the ordinary sessionid(), ipadress and last activity time with database.
Imagine this function called in a loop it can be very time consuming.

Would it be a good manner to save this value with the help of CI session class so that the database request is only needed once?
I mean it saves it values in a cookie and they can be easily changed in the browser. And what happens if someone disables cookies?

Is there a other secure way of saving this value without a database request?

Thanks
  • El Forum
    Guest
  •  
#2
12-26-2009, 04:54 AM

[eluser]stef25[/eluser]
Storing a TRUE / FALSE in the session would be a better solution. I do this but using the db_session function (http://codeigniter.com/wiki/DB_Session/) which keeps it in the DB instead of a cookie.

So there is still a query being run to get the TRUE / FALSE value but it's about as a light and fast as a query can get.

Or you could store it in a normal session cookie and if they delete cookies then they are also logged out. This is very common on a lot of sites.
  • El Forum
    Guest
  •  
#3
12-26-2009, 05:14 AM

[eluser]zsoerenm[/eluser]
[quote author="stef25" date="1261846486"]Or you could store it in a normal session cookie and if they delete cookies then they are also logged out. This is very common on a lot of sites.[/quote]

Yes but what is if they create cookie with logged_in as true when they have not logged in with a username and password?

What about storing this value in $_SESSION? This values are saved on the server, aren't they? What is the purpose of saving it in a extra database?
  • El Forum
    Guest
  •  
#4
12-26-2009, 05:21 AM

[eluser]stef25[/eluser]
Not sure Smile

Use db_session and store it in the db.
  • El Forum
    Guest
  •  
#5
12-26-2009, 05:32 AM

[eluser]stef25[/eluser]
From the user guide: "The Session class does not utilize native PHP sessions" and I would avoid using $_SESSION - stick to the CI way.

Usually data is just stored in a cookie. There is an option (I didn't know of) that lets you also store it in on the server side in a db table. See "Saving Session Data to a Database" here: http://ellislab.com/codeigniter/user-gui...sions.html

I use the db_session extension from the wiki. Not sure what the difference is between this and the DB option of the native CI session class.

The main advantage of saving things on the DB side is that you are not limited by the 4KB max data you can store in a cookie.

The manual really explains it better than I could Smile

http://ellislab.com/codeigniter/user-gui...sions.html
  • El Forum
    Guest
  •  
#6
12-26-2009, 10:09 AM

[eluser]BrianDHall[/eluser]
It's perfectly fine and minor for your application to use 1 database call to check to see if the user is logged in on every page request. The alternative is using an optimization in the form of a time-limited token, so it logs them in, gives them a token good only for 5 minutes, then re-validates them when the token expires.

This however is a not very trivial way to reduce a single database call, which is silly to do in the development phase - it might never even be worth addressing if/when it comes time to optimize for performance.

However, it IS reasonable to store the variable at the beginning of script execution, so in your logged in function set yourself a variable good only until the script finishes executing. If it is set then you don't run the database call, you just have your logged_in() function return true.

This solves the issue of running the same database call over and over in a loop, as the database is contacted only once the first time logged_in() is called on a particular page.
  • El Forum
    Guest
  •  
#7
12-26-2009, 11:11 AM

[eluser]zsoerenm[/eluser]
[quote author="BrianDHall" date="1261865396"]However, it IS reasonable to store the variable at the beginning of script execution, so in your logged in function set yourself a variable good only until the script finishes executing. If it is set then you don't run the database call, you just have your logged_in() function return true.

This solves the issue of running the same database call over and over in a loop, as the database is contacted only once the first time logged_in() is called on a particular page.[/quote]

Exactly, this is the way I want it to do! So how do you store your variable? It must be global because codeigniter load->library() method gives a new instance each time it is called. So just saving it in an object attribute wouldn't do the job.
Do you just use global $logged_in? Or stick with any class?
  • El Forum
    Guest
  •  
#8
12-26-2009, 03:20 PM

[eluser]BrianDHall[/eluser]
You can define a constant, which is available in all scopes but can't be changed once set.

You can define a class variable in your MY_Controller (so it's available in all controllers) which defaults to false but your login functions could set it to true. This would be done in a model/library as:

Code:
$ci =& get_instance();
$ci->logged_in = true;

In a controller you'd just use $this->logged_in.

Or you could just use the super-global $GLOBALS array.




Theme © iAndrew 2016 - Forum software by © MyBB