Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

methodologies for managing session variables

Tags:

php

mysql

session-variables

session

triggers

I've been reading up on (mysql) triggers the last few days... specifically what I'm trying to do is figure out a good methodology for updating a user's information.

The case use for this is related to a user management system: Take for instance a admin user updating a regular user to a manager, this user type change would then enable|disable software features on the interface.

Problem: You won't know about this user type change unless you query the database and reset say for example the $_SESSION['user']['type'] variable, and or the user logs-in|out of the system.

Question: Is there any good methodologies to solve this headache?

like image 423
Jordan Davis Avatar asked May 12 '16 11:05

Jordan Davis

People also ask

How variables are handled in session?

Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser. So; Session variables hold information about one single user, and are available to all pages in one application.

What are session variables?

What Are Session Variables? Session variables are special variables that exist only while the user's session with your application is active. Session variables are specific to each visitor to your site. They are used to store user-specific information that needs to be accessed by multiple pages in a web application.

How can a variable be saved in a session?

Session variables are stored in associative array called $_SESSION[]. These variables can be accessed during lifetime of a session. The following example starts a session then register a variable called counter that is incremented each time the page is visited during the session.

Which global variable is used for session variables?

Session global variables are either built-in global variables or user-defined global variables. The value of a database global variable is a single value that remains the same for all sessions that use this particular global variable.

2 Answers

I don't think mysql triggers would be ideal for this. Why? Because you will most probably end up with part of logic in php and part in mysql. It's a good thing to stay with one technology because it will be easier to maintain/debug code for you and your colleagues later.

So in your case, if you want the change of user role would take immediate action, you would have to either load user role on each script run or log out user using some flag in database that would signal that his session is not valid anymore (or you could implement your own session_set_save_handler that would save session somewhere in file where you could delete it to log out user).

It depends on your needs which solution would better fits your case.

  • If your roles logic is complicated and it consists of multiple roles assigned to one user as well as extra permissions assignments/excludes per user it may be better to do this check once on user log in and then just remember the result using session.
  • If checking for permissions on each script run isn't an issue, you can do it. But be aware, for security reasons, it may be a good practice to force user to log in again.
  • If the user log out could cause lose of work, you should let user log out itself and apply new permissions after next log in (you can show user a message that new permissions are awaiting log in to take effect).

So it really depends on your needs to choose if it's better to log out user, give him new permissions right away or wait until next log in.

like image 200
Buksy Avatar answered Sep 29 '22 04:09

Buksy

Question: Is there any good methodologies to solve this headache?

Find good reasons not to do it!

While this might sound like a joke, i am completely serious. You have to consider:

  • What is the value of that feature?
  • Is it worth the headache cost?
  • What are the risks of that feature (incomplete work / system consistency)?
  • Do you have to change the system core?
  • Would you have to revalidate the system?
  • Are there other really great features (system improvements) waiting to be implemented?

Someone who doesn't feel comfortable answering these questions doesn't really need that feature.

Find simple alternatives:

  • Call the user and ask to log out.
  • Notify the user per email.
  • Provide a button for email notification.
  • Send email notification automatically after changing permissions.

This is no laziness. Just focus on real value.

like image 20
Paul Spiegel Avatar answered Sep 29 '22 04:09

Paul Spiegel
Sign in to Comment

Related questions

How does Back End and Front End work together? [closed]
How to implement single search form in yii2
Check the cause of slow loading time among different server
issue in sending form data to controller in yii2
Image upload CURL command to PHP Curl
PHP Generators - Garbage Collection
How to retrieve session data in service providers in laravel?
http_parse_headers with PECL_HTTP
Is it fine to keep an empty string as array key? [closed]
How to upload Video to YouTube using Google API PHP Client Library and Youtube API V3?
Cannot use isset () on the result of a function call (you can use "null != Func ()" instead)
Best practice to display the version of a Symfony application to the user?
in_array() performance optimization
Force Composer to update a package
How to work with cookies in Laravel 5.2
Difference between Error and ErrorException in PHP 7
List all skipped tests with PHPUNIT
Phalcon on PHP7?
How to check in PHP, if a socket still connected, if I don't have the socket handler?
Is there a way to upload an image before checkout completion without a plugin?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!