Wednesday, November 12, 2003, 11:03:15 AM, you wrote: JH> Why stop a storing a Boolean in the session to determine "logged-inness"?
JH> Why not just store the (validated) "User" object in the session and check for JH> it's presence? That way, if it's there, one can utilize the data in the User JH> object for whatever sordid little purpose said developer comes up with. That excactly what I'm doing. At the login, the business logic checks if the credentials supplied were right. If so, the user object will be stored in the session. In that way, I can easily access all the user's properties without doing a lookup all the time. You might run into memory problems if you have a lot of simultanous logged in users and/or big user objects. But that not the case for me. Additionally, I'm storing a list of the users group membership in the session. So I can do fast permission checks based on this list (always doing a lookup for every groups is expensive). JH> I mean using bean:write tags of the "User" object seems straightforward JH> enough, but what about the List of "Children" objects that is part of JH> the "User" object? I don't really understand. I'm using code like this to access the user object: <c:choose> <%-- check if the users object is stored in the session--%> <c:when test="${empty sessionScope.user}"> <%-- it's not, present a "you're not logged in" message --%> <span id="error"><bean:message key="login.header.unauthd"/></span><br> </c:when> <%-- the user is logged in --%> <c:otherwise> <%-- present a welcome message like "Welcome, John Doe." --%> <bean:message key="login.header.welcome"/>, ${sessionScope.user.name}. <%-- display the logout form --%> <html:form action="login.do"> <html:hidden property="dispatch" value="logout"/> <%-- the requested page parameter is used to return to this page after logout --%> <html:hidden property="requestedPage" value="${pageContext.request.servletPath}"/> <html:submit><bean:message key="login.button.logout"/></html:submit> </html:form> </c:otherwise> </c:choose> As you can see, I read and display the user's name with ${sessionScope.user.name}. But I have to warn you, I'm a struts newbie too.. :) Regards, Arne Brutschy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]