Yeah that's safe. If it's stored in the database, there's pretty much nothing a user can do to tamper with the data.
I am using Tank Auth in CodeIgniter. I am unsure how my application would invalidate the session, but it does use the database so as Matthew said, I should be safe which I am really hoping for. – Anraiki Sep 25 '10 at 15:30
@Anraiki what I meant was: say user X is logged in and you change his role. How will the session handler know to refresh that from the database to get the changed role? Perhaps you need a way to invalidate the session for that user so he can re-login, or a way to know to fetch the new role from the database – Fanis Sep 25 '10 at 15:58
I think you're overcomplicating it. If they want to change roles from 'user' to 'admin', there can be a function that says something like $this->session->set_userdata('role', 'admin'). You also need to save it to the respective user row so when they login at a different time it reflects correctly. – Matthew Sep 25 '10 at 18:04
2 @Matthew if you, as admin, are logged in to the site and change a user's role, how will you access that user's session? $this->session will access your session. It's really an edge case, since it will happen rarely and you can just set a user property to notify the user to re-login. I just figured I'd bring it up as food for thought. Whenever you cache things aggressively you need to have a way to invalidate the caches remotely. – Fanis Sep 25 '10 at 20:57
Storing the role in the session along to avoid querying for it all the time should be fine if it's mostly static. Just consider what to do in the edge case when the user's role is edited while the session is valid (logged in or not expired). Should the session be invalidated for him so he has to re-login?
Or have your application know that the role is now stale and should be refreshed from the database?
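The two options raised above (refresh a stale role, or invalidate the user's sessions), as an added example that is not part of the original answers or of Tank Auth. It assumes a hypothetical `role_version` column on the user row; the function names are made up for illustration, and plain arrays stand in for the users table and the server-side session store.

```php
<?php
// Constructed stand-ins: $users is the users table, $sessions the
// server-side session store (session id => cached data).
$users = [7 => ['role' => 'user', 'role_version' => 1]];
$sessions = [];

// Login: cache the role together with the version it was read at.
function login(array $users, array &$sessions, string $sid, int $uid): void {
    $sessions[$sid] = ['user_id' => $uid, 'role' => $users[$uid]['role'],
                       'role_version' => $users[$uid]['role_version']];
}

// Admin action: runs in the admin's own session, so it can only touch the
// user row. Bumping role_version is what marks every other session stale.
function change_role(array &$users, int $uid, string $role): void {
    $users[$uid]['role'] = $role;
    $users[$uid]['role_version']++;
}

// Option 1, refresh: compare the cached version with the row on each
// request (one small lookup) and reload the role only when they differ.
function current_role(array $users, array &$sessions, string $sid): ?string {
    if (!isset($sessions[$sid])) return null;               // not logged in
    $row = $users[$sessions[$sid]['user_id']] ?? null;
    if ($row === null) { unset($sessions[$sid]); return null; } // user removed
    if ($row['role_version'] !== $sessions[$sid]['role_version']) {
        $sessions[$sid]['role'] = $row['role'];
        $sessions[$sid]['role_version'] = $row['role_version'];
    }
    return $sessions[$sid]['role'];
}

// Option 2, force re-login: drop every session that belongs to the user.
// Matters most on demotion, where a stale cached role keeps old privileges.
function invalidate_sessions(array &$sessions, int $uid): int {
    $dropped = 0;
    foreach ($sessions as $sid => $data) {
        if ($data['user_id'] === $uid) { unset($sessions[$sid]); $dropped++; }
    }
    return $dropped;
}

login($users, $sessions, 'sess-a', 7);
change_role($users, 7, 'admin');                       // promoted mid-session
echo current_role($users, $sessions, 'sess-a'), "\n"; // refreshed from the row
change_role($users, 7, 'user');                        // demoted again
echo invalidate_sessions($sessions, 7), "\n";          // sessions dropped
var_dump(current_role($users, $sessions, 'sess-a'));   // session is gone
```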