>> This of course follows the default behavior of loading the user from >> DB every time authenticated? is called, which is every page rendering >> if you are following basic auth protections. This is highly >> inefficient and I would like to understand why it works this way > > This in no way fetches the user from the database each time. The user is > fetched from the session once if they are present.
I think the important part of "every time" was "every page rendering". For some applications it's a wasteful query to load the user object, which may not be used for anything else on every page, and just the fact that session[:user] is set could be enough to consider the user authenticated. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
