MVC Pages that require the user to be logged in

Posted by keithjgrant on Stack Overflow See other posts from Stack Overflow or by keithjgrant
Published on 2010-03-31T21:19:58Z Indexed on 2010/03/31 21:23 UTC
Read the original article Hit count: 170

Filed under:
|
|

I'm working on a little MVC framework and I'm wondering what the "best way" is to structure things so secure pages/controllers always ensure the user is logged in (and thus automatically redirects to a login page--or elsewhere--if not). Obviously, there are a lot of ways to do it, but I'm wondering what solution(s) are the most common or are considered the best practice. Some ideas I had:

  • Explicitly call user->isLoggedIn() at the beginning of your controller action method? (Seems far too easy to forget and leave an important page unsecure on accident)
  • Make your controller extend a secureController that always checks for login in the constructor?
  • Do this check in the model when secure information is requested? (Seems like redundant calls would be made)
  • Something else entirely?

Note: I'm working in PHP, though the question is not language-dependent.

© Stack Overflow or respective owner

Related posts about mvc

Related posts about login