Hello. We need to organize the following:

  1. Pay for testing when requesting the result of this testing.
  2. Pay for an hour of testing. These are two different types of testing.

What logic would you advise me? Particularly concerned with how and where (in the database or cookies?) Store data that the user has paid for the result or time. I use YII so I’ll ask if it will touch RBAC , CWebUser or other standard framework tools.

Thank you very much.

    1 answer 1

    In cookies, nothing more important than the session id can not be stored, since the cookies are stored on the client side (easily edited) and there is such a person who will change the "payment result" as he pleases. Only on the server (bd).

    • From a DB it is clear. Then is it possible to store data that the status of the user is "paid" in the sessions, because they are also stored on the server? It would be very convenient for me. Otherwise, you will have to climb into the database and permanently delete temporary data. - Samat Zhanbekov
    • Save the data in the database, change the desired field in the session, then if you need to perform some responsible action, check whether this field has changed in the database. - nolka
    • As soon as a person logs in using cookies or direct login / password input: immediately roll out all the important data from the database to the array and work in it. If something changes, change first in the database (!), And then in the array. And so the DB on that and is that in it "to climb". - ferrari