www.webdeveloper.com

Thread: Access Control System Lookup

  1. #1
    Join Date
    Jan 2013
    Posts
    4

    Access Control System Lookup

    Hello,

    I'm working on a project with an authentication system that I'm looking to clean up. The short story of this project is a lack of consistency regarding authentication. I have a table of users and a table of profiles with associated permissions. I'm looking at going two routes:

    Option 1: Query the database on every page to check to see if the user has permission, then allow or deny them

    Option 2: Query the database when they log in and store all the permissions in the $_SESSION array. Currently the system uses this method.

    I've done some reading, and I've heard arguments on both sides. Can anyone offer some additional insight? The one thing I am considering right now is that in the process of revising authentication, there will be a lot more individual permissions added, which would make the array considerably large. Would there be any noticeable performance issues with going either route?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    One possible alternative is to have an optional parameter for "important" pages that looks at the last login time (which you'd track in the session data), and if it's more than some arbitrary number of minutes (hours, seconds?) old, then it requires the user to log in again (and typically also generates a new session ID). This way you can require a "fresh" login for operations that modify data or that reveal sensitive data, while being more lenient about general view-only actions.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
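
Added example, not code from either post: a PHP sketch of the approach in reply #2 layered on the session-cached permissions of Option 2, where a page guard takes an optional maximum login age. The function names, session keys, permission names and `/login.php` are hypothetical, and the sample session at the bottom is constructed.

```php
<?php
declare(strict_types=1);
// Added illustration: function names, session keys and /login.php are hypothetical.

/** Call once credentials are verified (assumes session_start() has already run). */
function complete_login(int $userId, array $permissions): void
{
    session_regenerate_id(true);  // issue a new session ID on every login
    $_SESSION['user_id']     = $userId;
    $_SESSION['permissions'] = array_fill_keys($permissions, true); // keyed by name for direct lookup
    $_SESSION['last_login']  = time();
}

/** Pure decision, usable without a live session: returns 'allow', 'deny' or 'reauth'. */
function access_decision(array $session, string $permission, ?int $maxLoginAge, int $now): string
{
    if (!isset($session['user_id'], $session['last_login'])) {
        return 'reauth';          // not logged in at all
    }
    if (empty($session['permissions'][$permission])) {
        return 'deny';            // logged in, but permission not granted
    }
    if ($maxLoginAge !== null && $now - (int) $session['last_login'] > $maxLoginAge) {
        return 'reauth';          // login too old for an "important" page
    }
    return 'allow';
}

/** Page guard: view-only pages omit $maxLoginAge, sensitive pages pass a limit in seconds. */
function require_permission(string $permission, ?int $maxLoginAge = null): void
{
    switch (access_decision($_SESSION ?? [], $permission, $maxLoginAge, time())) {
        case 'allow':
            return;
        case 'deny':
            http_response_code(403);
            exit('Forbidden');
        default:
            header('Location: /login.php');
            exit;
    }
}

// Constructed sample session: the login happened 1200 seconds before $now (2200).
$sample = ['user_id' => 7, 'last_login' => 1000,
           'permissions' => ['report.view' => true, 'user.edit' => true]];
foreach ([['report.view', null], ['user.edit', 600], ['user.delete', 600]] as [$perm, $age]) {
    printf("%-12s max age %-5s => %s\n", $perm, $age ?? 'none', access_decision($sample, $perm, $age, 2200));
}
```

Because `complete_login()` reloads the permission list, the fresh-login limit also bounds how long a permission revoked in the database stays usable from the session cache on those pages.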
