MVC Pages that require the user to be logged in
Posted
by keithjgrant
on Stack Overflow
See other posts from Stack Overflow
or by keithjgrant
Published on 2010-03-31T21:19:58Z
Indexed on
2010/03/31
21:23 UTC
Read the original article
Hit count: 173
I'm working on a little MVC framework and I'm wondering what the "best way" is to structure things so secure pages/controllers always ensure the user is logged in (and thus automatically redirects to a login page--or elsewhere--if not). Obviously, there are a lot of ways to do it, but I'm wondering what solution(s) are the most common or are considered the best practice. Some ideas I had:
- Explicitly call
user->isLoggedIn()
at the beginning of your controller action method? (Seems far too easy to forget and leave an important page unsecure on accident) - Make your controller extend a
secureController
that always checks for login in the constructor? - Do this check in the model when secure information is requested? (Seems like redundant calls would be made)
- Something else entirely?
Note: I'm working in PHP, though the question is not language-dependent.
© Stack Overflow or respective owner