Just wondering for user permission check,
Should you keep the permission in the session
eg. select out the user info and store the permission id in the session
or doing a permission check against the database everything time before you doing a query?
分享 In an application, data that is not available, should not be available. How you establish this simple procedure is up to you and depends a lot how you structure your application.
For example, you allow data-access with the database credentials you share across your whole application probably within it's configuration values.
Assuming you do this: If you have not a problem with that, why are you concerned about a much more detailed case that much?
分享
