So they come to me and say "How are we handling logging in a user. Are we using cookies?"
What we've done in the past with Flash (sorry. I know that's a dirty word here) is have the user log in and have the server pass back a user object that contains (among other things) a role. If the server doesn't pass the user object, then they get the login screen again. If the user is logged in, they see screens/forms per what level their role is set. The security on this new application is going to need to be a bit more strict.
My problem is this: I am NOT a full-time J2EE developer and the people who are asking these questions are very experienced J2EE developers. Every time I attempt to explain to them how we should handle user log in I appearently am not using the correct words. Can someone either point me to a document that explains how user log in would normally would be handled with Flex in a J2EE environment? Or give it to me is easy to understand language so I can relieve these guys' (and my) stress? Is there a best practice for handling user login in a secure application?
Also, they threw me a curve today: "How do we handle it if a user's role is demoted or promoted in the middle of a session? Can we immediately change what they see on-screen? Or can we immediately have them log off?" Any thoughts?
Leif
http://www.leifwells.com
Yahoo! Groups Links
- To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.