How can this be the preferred behaviour?

What do you do if you get a 'bad' user? Even if you delete his user
record you are helpless to stop him until he voluntarily logs out!

Or, what if you have a regular user who needs his 'role' changing?

Granted, profile edits and changes in roles are required less often,
but the security issue alone is enough to warrant a refresh on every
page. A quick read of the database is hardly going to kill the system.

On Jul 14, 2:50 am, "Jonathan Snook" <[EMAIL PROTECTED]> wrote:
> On 7/13/08, RichardAtHome <[EMAIL PROTECTED]> wrote:
>
> >  It looks like the Users model is only being read once at login and the
> >  details stored in a session (not checked the cake code, but that would
> >  match the behaviour I am experiencing).
>
> >  Basically, the edit is working (ie, database gets updated), but the
> >  $this->Auth->user() isn't.
>
> I contend that this is the preferred behaviour. Refreshing the user
> object stored in the session is unnecessary on 99% of the page views
> (I suspect most users don't edit their profiles on a regular basis).
>
> I suspect that it's just a simple storing of the current user in the
> session (in Session->read('User')) but it'd be nice to have an
> Auth->refreshSession() method that would refresh the current user in
> the session. Maybe submit a ticket for that...
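
An added illustration of the per-request refresh discussed in this thread; it is not code from either poster and not CakePHP's AuthComponent. It uses plain PHP with PDO, and the function name `refreshSessionUser`, the `users` table with its `role` and `active` columns, and the `User` session key are all assumptions made for the example.

```php
<?php
// Added example: plain PHP + PDO, not CakePHP's AuthComponent code.
// Table and column names (users, id, username, role, active) are assumptions.

/**
 * Re-validate the session's cached user against the database.
 * Returns the fresh user row, or null if the account is gone or disabled
 * (in which case the cached copy is dropped from the session array).
 */
function refreshSessionUser(PDO $db, array &$session): ?array
{
    if (!isset($session['User']['id'])) {
        return null;                       // nobody logged in
    }
    $stmt = $db->prepare(
        'SELECT id, username, role FROM users WHERE id = ? AND active = 1'
    );
    $stmt->execute([$session['User']['id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        unset($session['User']);           // deleted/disabled: force logout
        return null;
    }
    $session['User'] = $row;               // pick up role/profile changes
    return $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT, active INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'editor', 1), (2, 'mallory', 'editor', 1)");

// Session contents as they looked at login time (an array stands in for $_SESSION).
$alice   = ['User' => ['id' => 1, 'username' => 'alice',   'role' => 'editor']];
$mallory = ['User' => ['id' => 2, 'username' => 'mallory', 'role' => 'editor']];

// An admin changes one role and deletes the other account while both are logged in.
$db->exec("UPDATE users SET role = 'admin' WHERE id = 1");
$db->exec('DELETE FROM users WHERE id = 2');

$a = refreshSessionUser($db, $alice);
$m = refreshSessionUser($db, $mallory);
echo 'alice role: ', $a['role'], PHP_EOL;
echo 'mallory: ', $m === null ? 'logged out' : 'still active', PHP_EOL;
```

The cost is one primary-key lookup per request; calling the function from a common pre-request hook keeps the check in a single place.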