User privileges good-practice?
[eluser]Madtrooper[/eluser]
Hey guys! I'm new to using CodeIgniter, or any other PHP framework. I've been using it for 2 weeks now and I love it! As I'm still learning (and eager to do so) I have a question.

Right now I have a simple user registration/login with some basic session management so that when a user logs in, some functions check whether the username/password combination exists in the database. If so, a session will be created including data like username and access_level (admin or user): http://pastie.org/3601311

Now, is it safe and secure to just determine whether a user is admin or normal user at login only, and save this in the session? So that every time a user tries to access an admin-only page, the default constructor (for instance) checks the session variable access_level?: http://pastie.org/3601315

Or would it be better to check the database every time for this information? I did configure CodeIgniter to save the sessions in the database.

I'm wondering what's considered good-practice for this kind of session management & access level verification? Thanks in advance!
[eluser]oliur[/eluser]
In one of my previous projects I used an auth library. So once the user successfully logs in I read the user-specific values from the database (including their role permission settings) and save them in a CodeIgniter config global variable. So it looks something like this:

Code: public function __construct(){

Then in your view you could do something like this:

Code: // read config values

You can read more about the Config class here
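An added example, not part of the thread or either poster's code: a CodeIgniter base controller that takes the second option raised in the question, re-reading access_level from the database on every admin request instead of relying only on the value saved in the session at login. The `users` table, its `username` and `access_level` columns, the `login` route, the class name `Admin_Controller` and its file location are assumptions.

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

// Added example. Assumed to live in application/core/MY_Controller.php so the
// framework loads it; table, column and route names are assumptions.
class Admin_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
        $this->load->helper('url');

        // No username in the session means nobody is logged in.
        $username = $this->session->userdata('username');
        if (empty($username)) {
            redirect('login');
        }

        // Re-read the role from the users table instead of trusting the copy
        // stored in the session at login. The query builder escapes the value.
        $row = $this->db->select('access_level')
                        ->where('username', $username)
                        ->limit(1)
                        ->get('users')
                        ->row();

        // Account removed since login: the session is no longer valid.
        if ( ! $row) {
            $this->session->sess_destroy();
            redirect('login');
        }

        // Keep the session copy in step so code that reads it stays accurate.
        if ($row->access_level !== $this->session->userdata('access_level')) {
            $this->session->set_userdata('access_level', $row->access_level);
        }

        // Demoted, or never an admin: refuse with 403 instead of rendering.
        if ($row->access_level !== 'admin') {
            show_error('You are not allowed to view this page.', 403);
        }
    }
}
```

Admin-only controllers would extend `Admin_Controller` in place of `CI_Controller`. The cost is one lookup per admin request, and a role change or account removal takes effect on the next request instead of waiting for the session to end.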