I'm currently optimizing my web site. I'm using a simple credit system that gives you access to certain pages only if you have paid for them. Right now I'm always checking in the DB if the subscription is expired. I do this for multiple pages.
Would it be a good idea to check it only once when the user logs himself in and then carry the result in开发者_JS百科 a session variable?
That would be a bad idea since it's easily exploitable. A user can remain logged in for a long time, perhaps infinitely, if he wanted to. You should keep it the way it is.
Not a great idea, unless you make provisions to refresh that value in the session periodically. Otherwise, a user will be able to extend a subscription's lifetime, potentially indefinitely, by keeping a session active.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论