The (not existing but still logged in) user should not have any access at all!
I solved it by putting this into the AppController's beforeFilter: if($checkuser = $this->Session->read('Auth.User.id')) { if( !$this->Auth->identify($checkuser) ) { $this->Auth->logout(); } } On 16 okt, 21:42, James K <[EMAIL PROTECTED]> wrote: > I disagree. That is an unnecessary query on every page - it's the > reason we have session states. > > This is something that foreign key constrains can solve at the > database level. The user shouldn't be able to submit or change any > information if their user id does not exist. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---