Reputation: 2346
Check user Group Level via session or database?
When the Customer or Admin have logged in, their member_id will be stored in the session ($_SESSION['member_id'])
There are number of group levels, is it better to store in the session like this:
$_SESSION['group_id'] = 2;
or check the group level from the database?
SELECT group_id FROM users where member_id = . $_SESSION['member_id'];
I have written Users Login class for the frontend, there is nothing wrong using same class for the backend?
Upvotes: 2
Views: 1113
Answers (2)
Reputation: 9148
If you have the member_id stored in a session variable, why not have group_id ? session variables allow persistance in your data between requests and that seems to be what you need.
Although some do recommend to keep session data at a minimin, ie:
$_SESSION['uid'] = 5;
$_SESSION['logged_on'] = true;
I would not consider having group_id as bad usage of session vars since in your case member_id depends on group_id to do anything.
Upvotes: 4
Reputation: 78561
The main difference between the two is that, in the first case changes to the user's group might only be visible in the next session (e.g. user is logged in, and an admin changes the group) whereas in the other they'll take immediate effect.
Upvotes: 3
Related Questions
- PHP - How to check users level into a login session
- Verifying user is part of ldap/active directory security group
- PHP Check Session if one has privilege
- Pull users access level from database and add to session
- How to identify user access privileges using PHP and MySQL?
- Neat way to check User Group Levels?
- PHP - How to find user level based on their username?
- Checking if a user is logged in
- User login with groups
- PHP - Good practice to apply multi-level PHP User Authorization