I'm a newbie, and I've been using Django to develop an application. The entire application needs to be based on an authorization mechanism. In my current program, I just put the user's id in the session when they log in, and there is an authorization decorator to judge whether a request object includes the user id. Is this safe enough?
By the way, due to a special requirement, the authorization of an end user should be based on several fields, such as which department or unit the end user can visit. Hence, when a user logs in, his/her authorized objects' ids (pk in model) will be saved in the session, and then for every request that needs to retrieve data, these authorized object ids will be used as the filter condition, like filter(id__in=[]). Is this safe and effective?
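The scheme described in the post, modelled as an added example that is not part of the original message: ids cached in the session at login keep being used after the underlying department assignment changes, while recomputing them per request follows the current data. It is framework-free so it runs without Django; `Request`, `login_required`, `DOCUMENTS`, `USER_DEPARTMENTS` and the view names are hypothetical stand-ins for `request.session`, the decorator and the `filter(id__in=...)` query.

```python
from functools import wraps

class Forbidden(Exception):
    """Raised when a request carries no authenticated user id."""

class Request:
    """Hypothetical stand-in for a Django request with a server-side session."""
    def __init__(self, session=None):
        self.session = {} if session is None else session

# Constructed sample data: object pk -> owning department.
DOCUMENTS = {1: "sales", 2: "sales", 3: "hr", 4: "finance"}
# Constructed sample data: user id -> departments the user may visit.
USER_DEPARTMENTS = {7: {"sales", "hr"}}

def authorized_ids(user_id):
    """Derive the pks a user may see from the current department assignment."""
    depts = USER_DEPARTMENTS.get(user_id, set())
    return sorted(pk for pk, dept in DOCUMENTS.items() if dept in depts)

def login(request, user_id):
    """Store the user id and, as in the post, the authorized pks in the session."""
    request.session["user_id"] = user_id
    request.session["allowed_ids"] = authorized_ids(user_id)

def login_required(view):
    """Reject any request whose session holds no user id."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if "user_id" not in request.session:
            raise Forbidden("not logged in")
        return view(request, *args, **kwargs)
    return wrapper

@login_required
def list_cached(request):
    # Models filter(id__in=<ids saved in the session at login>).
    allowed = set(request.session["allowed_ids"])
    return sorted(pk for pk in DOCUMENTS if pk in allowed)

@login_required
def list_fresh(request):
    # Recomputes the authorized set on every request instead of trusting the cache.
    return authorized_ids(request.session["user_id"])
```
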