views:

28

answers:

2

Usage case: In order to handle acces rights for a web application without having to check them each time a page is displayed, I came up with this sheme: When an administrative user grants or removes access rights to an application user, check if there is a session currently associated with him. Case being, alter session data.

Does php5 provide such a session repository?

+1  A: 

No, each session is linked to the user by PHP/apache, so you may as well write the permissions to the DB. In order to make it faster, this would be best implemented with a shared cache (such as memcached).

Andy
A: 

Why do you need to do this? It sounds a lot like premature optimization to me. Also, the way you're describing it, the user's rights would be lost when the session ends.

PHP session data is stored by default in files in a temp directory. If you really want to do this, you could implement your own session library (start here).

If you truly have a reason to be concerned about the performance issues of hitting the database at every request, maybe you could instead cache the permissions for a limited amount of time.

notJim

related questions