
Thread: Access Control System Lookup

  1. #1
    Join Date
    Jan 2013

    Access Control System Lookup


    I'm working on a project with an authentication system that I'm looking to clean up. The short story of this project is a lack of consistency regarding authentication. I have a table of users and a table of profiles with associated permissions. I'm looking at going two routes:

    Option 1: Query the database on every page to check to see if the user has permission, then allow or deny them.

    Option 2: Query the database when they log in and store all the permissions in the $_SESSION array. Currently the system uses this method.

    I've done some reading, and I've heard arguments on both sides. Can anyone offer some additional insight? The one thing I am considering right now is that in the process of revising authentication, there will be a lot more individual permissions added, which would make the array considerably large. Would there be any noticeable performance issues with going either route?

  2. #2
    Join Date
    Aug 2004
    One possible alternative is to have an optional parameter for "important" pages that looks at the last login time (which you'd track in the session data), and if it's more than some arbitrary number of minutes (hours, seconds?) old, then it requires the user to log in again (and typically also generates a new session ID). This way you can require a "fresh" login for operations that modify data or that reveal sensitive data, while being more lenient about general view-only actions.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
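
The fresh-login check suggested in post #2, layered on the session-cached permissions from Option 2, as an added example that is not part of the original thread. The function names, the `last_login` and `permissions` session keys, the permission strings and the 5-minute limit are assumptions; the session array is passed in as a parameter so the logic runs from the CLI with constructed data.

```php
<?php
declare(strict_types=1);

const FRESH_LOGIN_MAX_AGE = 300; // assumed limit: 5 minutes for sensitive pages

/**
 * Decide how to handle a request: 'allow', 'deny', or 'reauth'.
 * $sensitive is the optional per-page flag for pages that modify
 * data or reveal sensitive data.
 */
function checkAccess(array $session, string $permission, bool $sensitive,
                     int $now, int $maxAge = FRESH_LOGIN_MAX_AGE): string
{
    if (!isset($session['user_id'], $session['last_login'])) {
        return 'reauth'; // no authenticated session at all
    }
    // Permissions were loaded into the session at login (Option 2).
    if (!in_array($permission, $session['permissions'] ?? [], true)) {
        return 'deny';
    }
    // View-only pages skip this; sensitive pages need a recent login.
    if ($sensitive && ($now - $session['last_login']) > $maxAge) {
        return 'reauth';
    }
    return 'allow';
}

/** Call only after the user's credentials have been verified again. */
function markFreshLogin(array &$session, int $now): void
{
    // Issue a new session ID on each (re)login. Only possible when a
    // real session is active, so this is skipped on the CLI.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['last_login'] = $now;
}

// Constructed sample data: a user who logged in 20 minutes ago.
$now = 1700000000;
$session = ['user_id' => 42, 'last_login' => $now - 1200,
            'permissions' => ['report.view', 'user.edit']];

echo checkAccess($session, 'report.view', false, $now), "\n"; // view-only page
echo checkAccess($session, 'user.edit', true, $now), "\n";    // page that modifies data
echo checkAccess($session, 'user.delete', true, $now), "\n";  // permission not granted
markFreshLogin($session, $now);                               // after re-entering the password
echo checkAccess($session, 'user.edit', true, $now), "\n";    // same page, fresh login
```

In a web request the calls would take `$_SESSION` and `time()` in place of the constructed array and timestamp.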
