Session vars and database updates

pablogosse

Hi all. I've got a situation to which I'm pretty sure I already know the answer, but I'm not entirely certain and would like some opinions.

I have a page for users to update their username, password, and the hint/answer combintation they use to retrieve their password.

Now, once a user logs in he/she has access to what ever applications I have given them access to.

So, let's say user A logs in. When he/she logs in, the following session vars are registered:

user_id
firstname
lastname
username
email
clearance

and then if they try to access an appliction after they've logged in a check is performed which compares the session values with values in the database.

My problem is this:

If a user updates his/her info, the values in the database will not match those stored in the session. Is there any way this can be avoided short of logging them out after their information has been updated, thereby forcing them to login with the new information?

Thanks in advance,
Pablo

Weedpacket

Which bits of those can they change during a session (not user_id, I'd guess)? Don't keep those ones in session variables - just pull them from the database as needed (you'll be hitting the database anyway, to see if they're there, so that's not going to produce much more overhead).

Alternatively, update the session copies of those variables whenever you alter their values in the database.

A further idea is to keep some other session variable that records their logged status, and check that first. Then if that says they're logged in, do the more careful check.