You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, permissions are cached indefinitely in a logged in user's session. This means that if permissions are added or removed, they don't actually take effect unless the user logs out and then back in. At best, it's inconvenient, and at worst, it's dangerous.
The cache should be repopulated every 5? 10? minutes (striking a good balance with performance). Should it also be repopulated for important actions? e.g. changing other permissions, or all POST actions, or...? Maybe, but we have to consider the performance implications.
The text was updated successfully, but these errors were encountered:
Currently, permissions are cached indefinitely in a logged in user's session. This means that if permissions are added or removed, they don't actually take effect unless the user logs out and then back in. At best, it's inconvenient, and at worst, it's dangerous.
The cache should be repopulated every 5? 10? minutes (striking a good balance with performance). Should it also be repopulated for important actions? e.g. changing other permissions, or all POST actions, or...? Maybe, but we have to consider the performance implications.
The text was updated successfully, but these errors were encountered: