Hi Gareth/Michael,
Gareth Kirwan wrote: > I would suggest that you store this information in a database linked to the > username. > How do you work out the access level in the first place for the user? Yes, I would be checking the user's name and password in a database. Michael Reece wrote: > do not store the access level in the user's cookie (unless you > seriously encrypt it), because users can alter their cookies. > > the common approach is to store a session id in the cookie, and use > that to key to server-side state in a session database of some sort > (one that lives longer than any particular apache process, such as > memcached or mysql). MasonX::Request::WithApacheSession should be > able to help you with this. > > an alternative approach for the cookie-phobic is to keep the session > id in the urls, but that brings its own hassles. Ah! That's how you maintain variables (or state) from one request to another...via a database. And then it's fine to store a username, or better yet, a session id as a cookie on the client side to act as a key to look-up into the database. There no other way for this information (or any variable, for that matter) to persist across requests by the same user other than keeping some kind of information on the client side? (Other than URLs.) I see, thanks! I was thinking of global variables or even <%init> blocks to set and store variables, but each request (even within a single persistent connection by the same client) is independent and no variable can exist across requests? Ray ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Mason-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mason-users
