dqbjvg2518 2015-05-11 18:50
浏览 32

PHP - 在数据库编辑期间存储在Session中的用户

I have a system that represents users as object. These object are initialized by reading in a database. Once the users (or objects) are created I store them in a session in order to navigate through pages without re-initiate the users from the database.

Suppose that an admin changes (let say) the users' permissions. From the edit until the session expires, a user could have higher (or lower) permissions than those declared by the admin.

How can I handle this kind of situation? Suppose I have a sessions that expires after hours or more. Should I send a request to database every n minutes to update the user objects?

  • 写回答

1条回答 默认 最新

  • doumi1099 2015-05-11 19:35
    关注

    The way I do it in my applications is a check on every page load.

    So, permissions might be stored in a session, but you can always update those.

    Let's say someone logs in and their permissions are set to full.

    If you're checking on every page load and updating their session, someone can update their permissions at any time and their object will have the new permissions reflected every time they perform an action.

    It doesn't matter much if they're just reading a page, but when they try to do something: submit a form, go back to home, visit a new page, or whatever, then their permissions will get updated.

    评论

报告相同问题?

悬赏问题

  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 linux驱动,linux应用,多线程