Yii Authorisation Caching Or Using Without Db


Every page load that happens on the web app will need to query the database because of the Yii Authorization that is happening.

i.e. it reads the AuthItem, AuthItemChild and AuthAssignment tables to check whether a user has access to certain parts of the system.

This is done using the standard Yii way.

I was wondering if there was a way to do it as standard in Yii without the need to query the database everytime?


Users’ permissions may change between consecutive requests, that’s why authorization data must be reloaded every time. Any caching mechanism would introduce a potential security hole. For smaller applications, CPhpAuthManager might be a faster alternative to database.

I had the same problem where we had a bunch of menu items, each with their own permission requirement and it was hurting every page load. I ended up storing permissions in session after a user logs in, then in my admin interface for managing permissions themselves, clear out that user’s session everytime changes are made (whether that be adding or revoking permissions). One downside is you have to manage permissions through the admin interface, else they won’t take effect until that user logs out or loses his/her session


Ok thanks Guy.

And georaldc …

Did you have to build your own permission checking functions for the data stored in the SESSION.