How can this be the preferred behaviour? What do you do if you get a 'bad' user? Even if you delete his user record you are helpless to stop him until he voluntarily logs out!
Or, what if you have a regular user who needs his 'role' changing? Granted, profile edits and changes in roles are required less often, but the security issue alone is enough to warrant a refresh on every page. A quick read of the database is hardly going to kill the system.

On Jul 14, 2:50 am, "Jonathan Snook" <[EMAIL PROTECTED]> wrote:
> On 7/13/08, RichardAtHome <[EMAIL PROTECTED]> wrote:
>
> > It looks like the Users model is only being read once at login and the
> > details stored in a session (not checked the cake code, but that would
> > match the behaviour I am experiencing).
>
> > Basically, the edit is working (ie, database gets updated), but the
> > $this->Auth->user() isn't.
>
> I contend that this is the preferred behaviour. Refreshing the user
> object stored in the session is unnecessary on 99% of the page views
> (I suspect most users don't edit their profiles on a regular basis).
>
> I suspect that it's just a simple storing of the current user in the
> session (in Session->read('User')) but it'd be nice to have an
> Auth->refreshSession() method that would refresh the current user in
> the session. Maybe submit a ticket for that...
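
Added example (plain PHP, not CakePHP's code and not written by either poster): the per-request check argued for in this thread, done as one primary-key lookup that either revokes the session or overwrites its stale copy of the user. The `User` session key follows the guess in the quoted message; `refreshSessionUser`, the `active` flag and the sample rows are assumptions made for illustration.

```php
<?php
// Constructed sample data: stands in for the users table (not CakePHP code).
$usersTable = [
    1 => ['id' => 1, 'username' => 'alice', 'role' => 'admin',  'active' => true],
    2 => ['id' => 2, 'username' => 'bob',   'role' => 'editor', 'active' => true],
];

/**
 * Hypothetical helper: re-validate the session's user snapshot against the
 * authoritative record. Returns the fresh user, or null if the session was revoked.
 */
function refreshSessionUser(array &$session, array $usersTable): ?array
{
    if (!isset($session['User']['id'])) {
        return null;                      // nobody is logged in
    }
    $id  = $session['User']['id'];
    $row = $usersTable[$id] ?? null;      // one primary-key read per request

    // Deleted or deactivated account: drop the session instead of trusting the copy.
    if ($row === null || !$row['active']) {
        $session = [];
        return null;
    }
    // Role or profile changed since login: overwrite the stale snapshot.
    $session['User'] = $row;
    return $row;
}

// Both users logged in earlier; their records were copied into their sessions.
$aliceSession = ['User' => $usersTable[1]];
$bobSession   = ['User' => $usersTable[2]];

// An administrator then demotes alice and deletes bob.
$usersTable[1]['role'] = 'viewer';
unset($usersTable[2]);

// Without a refresh the sessions still carry the state from login time.
echo "stale:     alice=", $aliceSession['User']['role'],
     " bob=", isset($bobSession['User']) ? 'logged in' : 'logged out', "\n";

// Next request for each user, with the per-request check in place.
$alice = refreshSessionUser($aliceSession, $usersTable);
$bob   = refreshSessionUser($bobSession, $usersTable);
echo "refreshed: alice=", $alice['role'],
     " bob=", $bob === null ? 'logged out' : 'logged in', "\n";
```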