requireUser results in a call to db

Question

requireUser results in a call to db

onurzdg opened this issue 9 years ago · 2 comments

it says in the documentation of Snaplet-Auth that "requireUser" does not have a DB cost, but it actually does unless your session cookie expires but remember cookie is still valid. It results in a call to isLogged, which in turn calls currentUser. I think there's no reason why we cannot verify without a hit to DB that the user is logged in by checking if user id exits in the user's session as shown below.

restrict' :: AppHandler () -> AppHandler ()
restrict' h =  do             
            mUid <- with sess $ getFromSession "__user_id"
            case mUid of
                (Just _) -> h
                _ -> userNotLoggedIn

Answer 1 · 2015-07-17T18:19:37.000Z

ping @ozataman

Answer 2 · 2015-07-17T18:52:00.000Z

FWIW, there's some related discussion on currentUser here: https://groups.google.com/forum/#!searchin/snap_framework/db$20cost/snap_framework/o5Jp7PxL06E/9-6UtYxQvrwJ - I've observed the same that requireUser does have a db cost.