Hi, I have an app where I'm using othAuth for my login / authentication. The app has two levels of users - administrators and registered users.

At the moment when I log in with a username in the administrators group I have the app set up to send me to the administration page. From there I can get a list of registered users in the system and their associated account details. I have implemented a method for the admin whereby they can click on a link in that admin list and they are then logged in to the system as if they were that user. At the moment I have done this by:

1) check if the person requesting to become the new user by proxy is in the administrators group
2) copy the administrator's current session data to a temporary location
3) replace the administrator user's session data with that which would be assigned to the registered user when they log in
4) add the administrator's session from the temporary store to the new session
5) redirect the user to the landing page registered users are sent to after logging in

In the routines that generate the menu system for the app I then check if the user has an administrator's backup session information stored in their session, and if so I show a link to allow them to get back to the list of users / admin system. On returning to the admin system I replace the user's session from that which was previously stored in the backup location - essentially logging out the registered user and reverting the admin user to their normal access rights.

I was wondering if anyone had any comments on how I have approached this - or had a better way that a system such as this could be implemented. I've not managed to find any discussions in the group relating to this as yet.

Basically I need a system where an administrator can masquerade as a registered user, performing actions in the system as if they were that user. I also need to provide the administrator with a means to return to the admin system and cancel the proxy login session once they are done so that they can continue with their administration tasks.

- Dan.
You received this message because you are subscribed to the Google Groups "Cake PHP" group. For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
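The five steps and the revert described in the post above, as an added PHP sketch (not the poster's code and not othAuth's API). It works on a plain session array; the key names `user`, `groups` and `impersonator` are assumptions, and it also refuses nested proxy logins, rotates the session ID and logs each switch, which the post does not mention.

```php
<?php
// Added example: framework-neutral sketch, not othAuth or CakePHP code.
// Assumed session layout: $session['user'] = ['id' => ..., 'name' => ..., 'groups' => [...]].
const BACKUP_KEY = 'impersonator'; // hypothetical key holding the stored admin session

function rotateSessionId(): void
{
    // New session ID on every privilege change, so an ID captured before the switch is useless.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
}

function startProxyLogin(array &$session, array $targetUser): bool
{
    $admin = $session['user'] ?? null;
    // Step 1: caller must be an administrator and must not already be in a proxy session.
    if ($admin === null || isset($session[BACKUP_KEY])
        || !in_array('administrators', $admin['groups'] ?? [], true)) {
        return false;
    }
    // Steps 2-4: build the registered user's session and carry the admin's session inside it.
    $backup  = $session;
    $session = ['user' => $targetUser, BACKUP_KEY => $backup];
    rotateSessionId();
    error_log(sprintf('proxy login start: admin=%s as user=%s', $admin['id'], $targetUser['id']));
    return true; // Step 5: the caller redirects to the registered-user landing page.
}

function endProxyLogin(array &$session): bool
{
    if (!isset($session[BACKUP_KEY])) {
        return false; // not a proxy session, nothing to revert to
    }
    $userId  = $session['user']['id'] ?? '?';
    $session = $session[BACKUP_KEY]; // drop the user's session, restore the admin's
    rotateSessionId();
    error_log(sprintf('proxy login end: admin=%s left user=%s', $session['user']['id'], $userId));
    return true;
}

// Constructed sample data.
$session = ['user' => ['id' => 1, 'name' => 'admin', 'groups' => ['administrators']]];
$alice   = ['id' => 42, 'name' => 'alice', 'groups' => ['registered']];
var_dump(startProxyLogin($session, $alice));
var_dump(isset($session[BACKUP_KEY]));
var_dump(endProxyLogin($session));
```

Because the menu code treats the presence of the backup key as proof of an admin origin, no other code path should be able to write to that key from request input.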
