When a user is removed from the Users table, remove them from ACL. That way when (or if) they try and do something, ACL will deny them. It doesn't matter that they are still logged in since they are logged in as a user that can't do anything. Mark Story has a GREAT 3 part ACL tutorial and there is data about that on the book too. The reason you shouldn't check to see if their "disabled" or whatever flag you want to use is, that will require an extra DB call on EVERY page which is unfortunate for speed. If you take out their ACL nodes, there are fewer DB requests in the case that the user doesn't have privileges to do the requested action.
So, in sum -- use ACL. On Oct 16, 5:57 am, on24nl <[EMAIL PROTECTED]> wrote: > I found a small problem with the Auth component in my latest cake app: > -User is logged in > -I'm also logged in and I delete the other user > -The other (now non-existing) user is still logged in! > > Why does Auth not check if a User also exists?! How to fix this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
