Hi

I want to have a guest concept.  You get instant access to my app.
There are limits.  But, you will be allowed to come back multiple
times before I require you to register.

When a user comes in as a guest, I will create a user with a bogus
username, password and email, and put the user_id in the session, so
that when the user comes back I can read it and restore saved state.

I'm mildly concerned that it's unsafe to put the user_id in the
session.  I can imagine a hacker faking that somehow, and getting
access to other guest accounts.  I'm not sure the risk is that big,
and once users register, the risk goes down.  But, I'm wondering if
this is at all foolhardy.  Is there a better way to approach this?

Perhaps a hash key or something that isn't sequentially too
guessable.  Or some encryption.

This guest concept has inherent security issues with shared computers:
labs, cafes, etc.  The user will be made aware of this when logging in as
Guest.  Also there will be no sensitive or private data in this guest
account that if seen by another user would make much difference.

Thanks for any insight
Gene


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
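The following is an added example written for this page, not code from the thread or from Django, to make the risk in the question concrete. It is a stdlib-only Python sketch in which two dicts stand in for a users table and a server-side session store, and SECRET_KEY stands in for a key only the server holds (all three are assumptions of the sketch). The point it demonstrates is that storing user_id in the session is fine as long as the browser never holds the user_id itself, only a random session key; the two variants the post floats ("a hash key... not guessable" and "some encryption") correspond to a random server-side key and an HMAC-signed cookie, and both are shown. It also rotates the session key when a guest registers, which is the step that matters on the shared computers the post mentions.

```python
"""Guest sessions: why the session key, not the user_id, is the secret.

Constructed, stdlib-only example written for this page; it is not code
from the thread or from Django.  The dicts stand in for a users table and
a server-side session store, and SECRET_KEY stands in for a key that only
the server ever sees (all three are assumptions of this sketch).
"""
import base64
import hashlib
import hmac
import json
import secrets

SECRET_KEY = secrets.token_bytes(32)  # assumption: generated once, server-only

users = {}         # user_id -> account record (stands in for the users table)
sessions = {}      # session_key -> session data (server-side session store)
_next_user_id = 1  # sequential ids: exactly the guessable part of the design


def create_guest_user():
    """Create a throwaway account with an unusable password and no email."""
    global _next_user_id
    uid = _next_user_id
    _next_user_id += 1
    users[uid] = {
        "username": "guest_" + secrets.token_hex(8),  # random, not enumerable
        "password_hash": None,   # unusable: a guest cannot log in by password
        "email": "",
        "is_guest": True,
        "visits": 0,
        "state": {},
    }
    return uid


def start_guest_session():
    """Create a guest and return the only value the browser will ever hold."""
    uid = create_guest_user()
    key = secrets.token_urlsafe(32)  # 256 bits of randomness; not sequential
    sessions[key] = {"user_id": uid}
    return key


def user_for_session(key):
    """Resolve a browser-supplied key; user_id is never read from the client."""
    data = sessions.get(key)
    if data is None:
        return None
    user = users.get(data["user_id"])
    if user is not None:
        user["visits"] += 1  # the "come back multiple times" counter
    return user


def register_guest(key, username, email, password_hash):
    """Promote the guest behind a session to a real account, keeping its state.

    Returns the new session key, or None if the key was unknown.
    """
    data = sessions.get(key)
    if data is None:
        return None
    user = users[data["user_id"]]
    user.update(username=username, email=email,
                password_hash=password_hash, is_guest=False)
    # Rotate the key at the privilege change so a key copied from a shared
    # machine while the account was a guest does not follow it afterwards.
    new_key = secrets.token_urlsafe(32)
    sessions[new_key] = sessions.pop(key)
    return new_key


# The "hash key / encryption" alternative: if user_id must live in the cookie
# (no server-side store), sign it.  Integrity, not secrecy, is what stops a
# client from substituting another guest's id.

def sign_session(payload):
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def verify_session(token):
    """Return the payload, or None if the token was altered or malformed."""
    body, sep, mac = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, UnicodeDecodeError):
        return None


def substitute_user_id(token, other_uid):
    """Rewrite user_id in a token but keep the old MAC, as a tampering client would."""
    body, _, mac = token.rpartition(".")
    payload = json.loads(base64.urlsafe_b64decode(body))
    payload["user_id"] = other_uid
    new_body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    return new_body + "." + mac


if __name__ == "__main__":
    key = start_guest_session()
    print("guest:", user_for_session(key)["username"])
    print("sequential id used as key:", user_for_session("1"))  # None
    token = sign_session({"user_id": 1})
    print("genuine:", verify_session(token))
    print("forged:", verify_session(substitute_user_id(token, 2)))  # None
```

The server-side variant is what Django's session framework already gives you when session data is kept in the database: the cookie carries a random session key, and the user_id stays on the server, so guessing user_ids gains nothing without the key. The signed-cookie variant is the fallback when the id must travel with the client; the forged token in the demo fails because changing the body invalidates the MAC. In either design, rotating the key at registration is the cheap guard against a key left behind on a lab or cafe machine.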