[SOLVED] Singleton Class w/ Authentication?

[deerly]

Hi everyone!

 

I'm trying to figure out a clever system to keep track of a logged in user's information in an OO way.

 

Right now the checkUserLogin method validates a token/identifier against the database to see if the user is logged in and makes sure things are kosher.

 

I don't want to recreate a new User class everytime a page is loaded. As I understand it, using a Singleton class can persist the user's information.

 

So! I create my singleton class, instantiate it when the user logs in and then.... do I store the instance of the class in a cookie? That doesn't seem very secure and then doesn't that defeat the point of storing the identifier/token in a cookie as well?

 

I'm sure there is a way to have a user class that isn't recreated every page load while still only storing the bare minimum of information in a cookie for authentication?

 

I'm still pretty new at all this, I'm just trying to wrap my head around how this can and should be done! Thanks for any help

[corbin]

I would not use a Singleton.  Theoretically you will only have 1 instance of any user object per specific user but a time may come when you need more than 1 user object.

 

 

Also, singletons are not created more than once per page load, but they do have to be recreated every time PHP execution stop then starts (in other words it would have to be recreated each page load).

 

 

You can store an object in a session regardless of whether it's a singleton or not.

[deerly]

Ok, thank you!

 

So I guess my next question would be -- is it good practice to store an instance of an object in a session for user authentication?

 

So I would have a cookie with identifier:token and then a session variable with thisUser object.

 

Then I'd use thisUser object -> checkLogin or doWhatever() methods that way? Pulling info from the cookie?

 

Or, is it basically the same thing to just recreate an object on every page with the information pulled from the cookie?

[corbin]

Really you should just recreate the object every page load unless there's rarely changing information cached in it.

 

 

For example, if you ban a user but their object doesn't reflect that, you could have issues.  They might not get banned until the next login.

[deerly]

Alright, gotcha!

 

I think I have a game plan now, for some reason I thought it was bad practice to keep recreating objects for the same user over and over again. 

 

At least I can keep going the way I was now!

[corbin]

Well when ever you store an object in a session what happens is that an object is created then the values stored in the session are assigned to it.

 

 

So really the only thing lost is if you pull a lot of data.  For example, if you had a bunch of MySQL query results stored in the object, the queries would have to be done again.  (But, like I said earlier, sometimes the fetching of data should be done again.)