do not store the access level in the user's cookie (unless you seriously encrypt it), because users can alter their cookies.
the common approach is to store a session id in the cookie, and use that to key to server-side state in a session database of some sort (one that lives longer than any particular apache process, such as memcached or mysql). MasonX::Request::WithApacheSession should be able to help you with this. an alternative approach for the cookie-phobic is to keep the session id in the urls, but that brings its own hassles. On Jun 21, 2007, at 9:33 AM, Raymond Wan wrote: > > Hi all, > > I'm having a problem figuring out how to do authorization. Suppose a > user logs in and has an access level of "10". How do I keep this > information from one request to another? > > Recently, there was a discussion here about $m -> notes(), but it > is per > request... I presume that means if the user goes first to index.html, > logs in, and then goes to one.html, index.html (and all subcomponents > that it calls) will know about it but when the user goes to one.html, > another request is made and this information is gone. > > Currently, I've made the user's logged-in level as a global > variable but > that isn't working. Sometimes it works and other times (usually > when I > wait a bit before clicking "one.html") it won't. I think this happens > because after waiting a bit, the request gets handled by another Perl > interpreter which has no knowledge of this global variable. > > So, is there a way to keep this information between user requests > or is > my only option to set a cookie on the client side? > > Thank you in advance! > > Ray > > PS: Sorry for the multiple copies but I sent the first one to > [EMAIL PROTECTED] by accident. Probably didn't go through. > > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Mason-users mailing list > Mason-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mason-users --- michael reece :: software engineer :: [EMAIL PROTECTED] ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users
