
Real-Time Permissions Caching in ColdFusion

A little bit of Fusion...

This post deals with ColdFusion-based applications that require a permission set for a logged-in user. It goes without saying that permissions are extremely important for protecting sensitive content or data; you always want your application to be secure AND its permissions up to date. In my experience thus far, I have seen two common approaches to this scenario (and I am about to introduce a third):

  1. Rebuild the permissions object on EVERY page load.
  2. Build the permissions object when the user logs in and store it in the user session.

Each approach has its benefits. The first approach keeps permissions accurate on every page access. If an administrator changes permissions while another user is logged in, those permissions are updated at the next page request. If a user's permissions are restricted while that user is working, those restrictions go into effect immediately. The second approach addresses any performance issues that could be encountered by building the permission set. It's quite simple, actually: build the permissions when the user logs in and store them in the session. If the permissions are changed, the changes go into effect at the next login. The cached permissions are used throughout the remainder of the session.

Each of these approaches has its downsides. The first approach could be very resource intensive. Building an application permission object, or checking data or event access rights, could be a costly transaction. The second approach allows for permission synchronization problems. For instance, User A logs in. User B restricts User A's permissions. For the rest of User A's current session, User A is still working from the old permissions and still has access to items they should not.

Now, let me introduce a third, hybrid approach.

With cached permissions, what happens if I am logged into session A while someone else is logged into session B, and I change their permissions? The permissions for session B should be updated automatically on the next page request. Here's how it can be done.

First, you have to maintain application state. Each time application state changes, the cached permission object should be rebuilt. I did this using a GUID (UUID). I started by putting the following within my Application.cfm file.

<cfparam default="#CreateUUID()#" name="Application.permissionCacheUUID">

On initial login, you should build your permission set and store it in the session. You should also store the value of your application-scope permission cache GUID in the session scope. I would use a reusable header file for this.



<cfif NOT StructKeyExists(session, "permissionCacheUUID") OR application.permissionCacheUUID NEQ session.permissionCacheUUID>

<!--- Add your code here to build your permission set and store it in the session. --->
<cfset session.accesslist = GetAccessList()>

<!--- Store the application-scope GUID within the session. --->
<cfset session.permissionCacheUUID = Application.permissionCacheUUID>

</cfif>

Now, every time that the permission set is updated, you should update the application-scope GUID. I use this when adding, editing or updating users within the system.



<cfset Application.permissionCacheUUID = CreateUUID()>

If you notice in the second code block, the code to rebuild the permissions object (session.accesslist) gets executed if session.permissionCacheUUID does not exist OR session.permissionCacheUUID does not equal Application.permissionCacheUUID. Whenever you update the application-scope UUID, the code to rebuild the permission object will be executed.



Using this approach, permissions are only updated when necessary, not on every page access. Also, if User A updates permissions for User B, User B's permissions will get updated automatically. Since the application-scope GUID was changed by User A, it will no longer be equal to the GUID stored in User B's session. On the next page load for User B, their permission set will be rebuilt.
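
A hardened variant of the header include and the token update, as an added example rather than code from the original post: it snapshots the application token before rebuilding, so a permission change that lands during the rebuild causes another rebuild on the next request instead of being missed. `GetAccessList()` is the post's own function; `variables.currentToken`, `SaveUserPermissions()` and the `form` fields are hypothetical names, and the two parts are excerpts from two different templates.

```cfml
<!--- Added example. GetAccessList() is the post's function; variables.currentToken,
      SaveUserPermissions() and the form fields are hypothetical names. --->

<!--- Part 1: header include, run on every request. --->

<!--- Snapshot the application token BEFORE rebuilding. If an administrator
      changes permissions while GetAccessList() is running, the session keeps
      the older token and therefore rebuilds again on its next request. --->
<cflock scope="Application" type="readonly" timeout="5">
    <cfset variables.currentToken = Application.permissionCacheUUID>
</cflock>

<cfif NOT StructKeyExists(session, "permissionCacheUUID")
      OR session.permissionCacheUUID NEQ variables.currentToken>
    <!--- Serialize rebuilds for this session so parallel requests (AJAX, frames)
          do not interleave their writes. A lock timeout throws by default, so
          the request fails instead of running on stale permissions. --->
    <cflock scope="Session" type="exclusive" timeout="10">
        <!--- Re-check: another request may have rebuilt while this one waited. --->
        <cfif NOT StructKeyExists(session, "permissionCacheUUID")
              OR session.permissionCacheUUID NEQ variables.currentToken>
            <cfset session.accesslist = GetAccessList()>
            <cfset session.permissionCacheUUID = variables.currentToken>
        </cfif>
    </cflock>
</cfif>

<!--- Part 2: admin template that adds, edits or updates a user. --->

<!--- Commit the change first, then rotate the token. Rotating first would let a
      session rebuild from the old data and store the new token alongside it. --->
<cfset SaveUserPermissions(form.userId, form.permissions)> <!--- hypothetical --->
<cflock scope="Application" type="exclusive" timeout="5">
    <cfset Application.permissionCacheUUID = CreateUUID()>
</cflock>
```

Because the token is application-wide, every permission change makes every active session rebuild once on its next request.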
