lizeshakya
7 months ago

Is it best practice to store role_type in the session

In my project, I have used the Zizaco/entrust package.

I need to check whether the user has a role administrator/super admin/employee.

Since it needs to check for all the pages, I stored it in the session when the user authenticates like:

protected function authenticated(Request $request, $user)
{
    session(
        [
            'isLoggedIn' => true,
            'isAdministrator' => $user->hasRole('Administrator'),
            'isEmployee' => $user->hasRole('Employee')
        ]
    );
}

It works like a charm. Is it the best practice, since the non-admin users can change the session values? If not, what is the best practice to implement besides querying in all pages?
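
The trade-off raised in the question, as an added example that is not part of the original post and is not Entrust or Laravel code: role flags copied into the session at login keep their login-time value, while a check against the user's current roles can be memoised per request so it costs one lookup per page. `RoleStore`, `RequestUser` and both check functions are hypothetical stand-ins, and the revocation scenario is constructed and goes beyond what the post describes.

```php
<?php
// Hypothetical stand-in for the roles table (not Entrust/Laravel code).
final class RoleStore
{
    public int $queries = 0;
    public function __construct(public array $rolesByUser) {}
    public function rolesFor(int $userId): array
    {
        $this->queries++;                        // counts simulated database lookups
        return $this->rolesByUser[$userId] ?? [];
    }
}

// Built fresh for every request, so memoised roles never outlive the request.
final class RequestUser
{
    private ?array $roles = null;
    public function __construct(private int $id, private RoleStore $store) {}
    public function hasRole(string $role): bool
    {
        $this->roles ??= $this->store->rolesFor($this->id);  // at most one lookup per request
        return in_array($role, $this->roles, true);
    }
}

// Pattern from the post: trust the flag written into the session at login.
function allowedBySessionFlag(array $session): bool
{
    return $session['isAdministrator'] ?? false;
}

// Alternative: ask the current user record on each request.
function allowedByCurrentRole(RequestUser $user): bool
{
    return $user->hasRole('Administrator');
}

// Constructed scenario: user 7 logs in as Administrator, then the role is revoked.
$store   = new RoleStore([7 => ['Administrator']]);
$session = ['isLoggedIn'      => true,
            'isAdministrator' => (new RequestUser(7, $store))->hasRole('Administrator')];
$store->rolesByUser[7] = ['Employee'];           // revoked while the session is still live

$user   = new RequestUser(7, $store);            // the next request
$before = $store->queries;
var_dump(allowedBySessionFlag($session));        // decision from the login-time flag
var_dump(allowedByCurrentRole($user));           // decision from the current roles
var_dump($user->hasRole('Employee'));            // second check in the same request
printf("role lookups this request: %d\n", $store->queries - $before);
```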
