The essence of the question is: how to properly distinguish between access for authorized and unauthorized users. Cook based authorization implemented. The ability to check the user is authorized or not available. Now I do this:
I check on each page that is intended only for authorized users by querying the database every time the page is opened whether the user is authorized or not (in the data if there is a check, they match the database if everything is OK then the page is shown if not then redirect to the login page). Is it correct? Or somehow different normal progers do? Do you really need to knock on the database every time?
If the user is not authorized, then you need to show a link to the page with a login or registration, and if he is authorized, then write his name + hello and show links to other pages that are available for authorized. THOSE. if authorized, the links are visible, if not, then there are no links .. What is the principle here? How do people realize this?
