Thanx much for the quick response ... may I inquire further please?
: For our system, we're managing it all through sessions. When the person logs
: in, their login information is checked against a database object. If it
: matches, they're logged in. Otherwise, they're asked to provide a correct
: login, or bugger off.
:
: After they're logged in, there is a user object associated with their session
: (session.setAttribute( "user", user )).
:
: It is this user object that decides where they can access, and what they
: can access.
Can you explain this further please - how do you manage the
url-user-role matrix in your user object? Further, how do you do a
check in a timely fashion for every protected area of your site?
I was thinking of developing some sort of all-encompassing "white
pages" for everyone and every url. When a user logs in, I could
grab all data for that user from the white pages and stuff that info
into the session. From then on in, for every protected page access,
I could validate the URL against the session data and not hit the
database. Database updates for new users and roles could be handled
elsewhere.
In this scenario - I would roll my own system.
Thanx much - Michelle
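
The per-request check described in this message, sketched as an added example that is not code from the thread or from either poster's system. The class, the "acl" attribute name, the sample user and the version counter are all assumptions; a plain Map stands in for HttpSession and for the database. The version stamp addresses the one gap in a session-cached matrix: grants revoked after login would otherwise stay valid until the session ends.

```java
import java.net.URI;
import java.util.*;
import java.util.concurrent.atomic.AtomicLong;

public class SessionAcl {
    // Constructed "white pages": user -> URL prefixes that user may access (stands in for the database).
    static final Map<String, Set<String>> WHITE_PAGES = new HashMap<>();
    // Bumped whenever users or roles change, so sessions holding an old snapshot are detected.
    static final AtomicLong ACL_VERSION = new AtomicLong(1);

    // Snapshot stored in the session at login under the hypothetical attribute "acl".
    static final class Grants {
        final Set<String> prefixes; final long version;
        Grants(Set<String> p, long v) { prefixes = p; version = v; }
    }

    // Called once at login: the only lookup against the white pages.
    static void login(Map<String, Object> session, String user) {
        Set<String> p = new HashSet<>(WHITE_PAGES.getOrDefault(user, Collections.emptySet()));
        session.put("acl", new Grants(p, ACL_VERSION.get()));
    }

    // Called on every protected request: default deny, no database access.
    static boolean allowed(Map<String, Object> session, String rawPath) {
        Object o = session.get("acl");
        if (!(o instanceof Grants)) return false;            // not logged in
        Grants g = (Grants) o;
        if (g.version != ACL_VERSION.get()) return false;    // stale snapshot: force a reload or re-login
        String path;
        try { path = URI.create(rawPath).normalize().getPath(); } // collapse "/../" before matching
        catch (IllegalArgumentException e) { return false; }      // unparseable URL: deny
        if (path == null) return false;
        for (String prefix : g.prefixes)                     // match whole path segments only
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return true;
        return false;
    }

    public static void main(String[] args) {
        WHITE_PAGES.put("alice", new HashSet<>(Arrays.asList("/reports", "/account")));
        Map<String, Object> session = new HashMap<>();       // stands in for HttpSession
        login(session, "alice");
        System.out.println(allowed(session, "/reports/q3.jsp"));         // granted prefix
        System.out.println(allowed(session, "/reports/../admin/x.jsp")); // normalizes outside the grant
        System.out.println(allowed(session, "/reportsadmin"));           // shares text, not a segment
        ACL_VERSION.incrementAndGet();                                    // a role was changed elsewhere
        System.out.println(allowed(session, "/reports/q3.jsp"));         // snapshot is now stale
    }
}
```

In a servlet container the same check would sit in a filter mapped to the protected paths, so no individual page can forget to call it.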