Let’s say we have this awesome User system before us: a User is logged in when a session key (user_id) is set. If a User however gets “banned”, the user will still be logged in – until the session expires.
Ways to prevent this are:
- Always check if the user got banned (every request)
- Save session data in perhaps a database to be able to remove the data easily (on the user being banned).
Is there a better approach performing this task?
I would choose 1. If you don’t retrieve user information from your database in each request, users may also have trouble updating their data. For instance, I can log in at home, change my profile description to ‘foo’ and go to work. There I log in as well, which results in a different session. I change the information to ‘bar’, which is stored in the database and in my work session. Then I go home and continue browsing in the previously opened home session, which will still contain ‘foo’.
Therefore, I think you should at least do some checking against the user database on each request, so during that step you can check if the user is banned as well.
To speed this up, you could keep a special table with storage type MEMORY to keep session information in. This table can be accessed really fast, so it may increase performance. You only need to move information there if a user has changed in the ‘real’ database. You may use memcache in a similar way. Both are solutions to keep database IO to a minimum while still having the same results. I would add these optimizations only when you need them. Start with just querying the user on each request.
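The two approaches from the question, combined as the answer suggests (re-read the user on every request, and keep sessions server side so they can be revoked on a ban), as an added example that is not part of the original question or answer; the in-memory dicts stand in for the users table and the session store, and all names are assumed.

```python
# Added example (not from the question or answer): in-memory dicts stand in
# for the users table and the server-side session store; names are assumed.
import secrets

# Constructed "users" table: id -> row. The banned flag is the source of truth.
USERS = {
    1: {"id": 1, "name": "alice", "description": "foo", "banned": False},
    2: {"id": 2, "name": "bob", "description": "", "banned": False},
}

# Server-side session store (the answer's second approach): sid -> session row.
# Keeping sessions server side is what makes them removable on a ban.
SESSIONS = {}


def login(user_id):
    """Create a server-side session and return its id (the cookie value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id}
    return sid


def current_user(sid):
    """First approach: resolve the session, then re-read the user every request.

    Returns the fresh user row, or None when the session is unknown, the user
    no longer exists, or the user is banned; a banned user's session is also
    destroyed so the cookie cannot be presented again."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return None
    user = USERS.get(sess["user_id"])
    if user is None or user["banned"]:
        SESSIONS.pop(sid, None)
        return None
    return user


def ban_user(user_id):
    """Flag the user as banned and revoke every session they own right away."""
    USERS[user_id]["banned"] = True
    for sid in [s for s, v in SESSIONS.items() if v["user_id"] == user_id]:
        del SESSIONS[sid]


def active_sessions(user_id):
    """Count live sessions for a user (handy for admin tooling and checks)."""
    return sum(1 for v in SESSIONS.values() if v["user_id"] == user_id)
```

Because `current_user` reads the row fresh, the home/work ‘foo’/‘bar’ problem from the answer disappears as a side effect, and a ban set only as a flag still takes effect on the banned user's next request even if no session was explicitly deleted.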