accounts, as if the user object is stored in the session, and the user is
authenticated once then the object will never know they've been disabled.
Does this require a db check every time on the user? Or is it better to
store the sessions in the database and simply delete the session when a
users status is changed. The same applies to roles, for instance upgrading a
user to a moderator, you don't really want to delete all the sessions thus
logging out the user?
Any thoughts on this would be great.
-----
Simon
http://www.ajb007.co.uk/
--
View this message in context: http://www.nabble.com/Zend_Auth-and-Join-tp20037382p20040141.html
Sent from the Zend Auth mailing list archive at Nabble.com.
没有评论:
发表评论