An auth_tkt cookie also has space to store 'tokens', i.e. groups or
roles and 'user data', which might be used for storing fullname and
email address. Obviously there is a trade-off to be made between
cacheability and liveness, but for many sites I suspect all of this
data could be safely set on a

In my application, authenticated_userid() is just the integer primary key of
the user table stored in an auth_tkt cookie. It does not consult the
database at all. I do not remove users from the database, but they have an
'is_active' flag which controls whether they are allowed to log in.
The