So I have this web app that in theory may one day become a for-pay application – if anyone actually finds it useful and worth it.
I have all the logic to handle payment, check to see if the account is overdue etc. in place. It is all stored in RavenDB (RavenHQ actually) – not that this should matter to the question at hand.
Now, I am trying to follow best practices, and I want my application to be performant, i.e. not micro-optimizing, but I want to do things in a way that will scale relatively well with load (if it takes off it will be hosted – I would love to not have to pay for more servers than is strictly necessary).
My app uses something close to the default login/account model. Users log in securely using forms authentication over https.
At what point should I check that a user is actually allowed (with regards to payment status etc – a domain model concern really) to be using the web application? Consider that this will mean requesting a single document from the RavenDB backend and checking if the current payment period has expired.
Should I:
- Check every time the user logs in, and make them unable to “Remember me” for more than x hours, where x is a relatively small number?
- Check in a few central controller actions that the user would visit relatively often – the application would essentially be severely restricted if these actions were not available.
- Do a global action filter that checks for every request, then redirects to the “Pay nooooow!” page as soon as stuff expires?
- Another option?
RavenDB does clever caching, so I don’t think a request for this document would kill performance, but should the application really take off (unlikely, but one can dream), an extra database request per http request will probably lead to Ayende hunting me down and mercilessly beating me. I don’t want that.
It seems to me like this is something that others would have thought about and solved, so I am asking – what would be the right way to handle this?
Thanks for any insights!
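Option 3 (a global filter) with the per-request database cost addressed by a short per-user cache, as an added ASP.NET MVC example that is not part of the original question: the ISubscriptionStore abstraction, the StoreFactory hook, the five-minute window and the ~/Billing/PayNow URL are assumptions, not anything from the asker's app.

```csharp
using System;
using System.Runtime.Caching;
using System.Web;
using System.Web.Mvc;

// Assumed abstraction over the RavenDB account document (not a RavenDB API):
// returns the end of the current paid period, or null if no account exists.
public interface ISubscriptionStore
{
    DateTime? GetPaidThroughUtc(string userName);
}

// Global authorization filter: logged-in users whose paid period has expired are sent
// to the payment page; the period end is cached per user so RavenDB is queried once per
// user per window rather than once per request.
public sealed class RequireActiveSubscriptionAttribute : AuthorizeAttribute
{
    private static readonly TimeSpan CacheWindow = TimeSpan.FromMinutes(5);
    private static readonly MemoryCache Cache = MemoryCache.Default;
    // Wired up from the application's container at startup (assumption).
    public static Func<ISubscriptionStore> StoreFactory { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext)) return false;   // forms authentication first
        // Key on the server-side identity, never on anything the client sends.
        var userName = httpContext.User.Identity.Name;
        var key = "subscription:" + userName;
        var paidThrough = Cache.Get(key) as DateTime?;
        if (paidThrough == null)
        {
            paidThrough = StoreFactory().GetPaidThroughUtc(userName);
            if (paidThrough == null) return false;            // no account document: fail closed
            Cache.Set(key, paidThrough, DateTimeOffset.UtcNow.Add(CacheWindow));
        }
        // Compared on every request, so an account that expires mid-window is cut
        // off as soon as the clock passes the stored period end.
        return DateTime.UtcNow < paidThrough.Value;
    }

    // Call from the payment-received handler so a new payment takes effect at once.
    public static void Invalidate(string userName) { Cache.Remove("subscription:" + userName); }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext);    // not logged in: login redirect
            return;
        }
        filterContext.Result = new RedirectResult("~/Billing/PayNow");   // assumed pay-now URL
    }
}
```

Register it with GlobalFilters.Filters.Add(new RequireActiveSubscriptionAttribute()) and keep the billing controller out from under it (apply the filter per controller, or skip it for that controller in OnAuthorization), otherwise an expired user is redirected in a loop. A five-minute window means a cancelled or refunded account can keep working for at most that long after the document changes, unless Invalidate is called for that event as well.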
I don’t think this is a framework issue strictly; it’s more like how you want your site to behave, and then use the framework to support it. Generally speaking you want to make the site usable and not too restrictive unless that’s necessary, e.g. surfing the site with no restriction whatsoever, but checking out should be done very securely.