Malka Cymbalista wrote:
We plan on using standard http authentication. Once the user logs in, is there a way to save the userid and check it to make sure that the user who is now working is the same user who logged in?
You're trying to make sure that users don't switch to logging in as someone else part-way through some work? They still have to provide a username and password on every request with basic auth, so I don't think it will really matter. If you really want to, keep the original username in a cookie or a cookie-based session. You will have to provide some form of logout if you do this though, which is not usually done with basic auth.
- Perrin
