The (not existing but still logged in) user should not have any access
at all!
I solved it by putting this into the AppController's beforeFilter:
if($checkuser = $this->Session->read('Auth.User.id'))
{
if( !$this->Auth->identify($checkuser) )
{
$this->Auth->logout();
}
}
On 16 okt, 21:42, James K <[EMAIL PROTECTED]> wrote:
> I disagree. That is an unnecessary query on every page - it's the
> reason we have session states.
>
> This is something that foreign key constrains can solve at the
> database level. The user shouldn't be able to submit or change any
> information if their user id does not exist.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
