Just wondering for user permission check,
Should you keep the permission in the session
eg. select out the user info and store the permission id in the session
or doing a permission check against the database everything time before you doing a query?