In message <[EMAIL PROTECTED]>, John McNally
<[EMAIL PROTECTED]> writes
>It used to be that when a User went from anonymous to logged in status,
>the User object did not change. The User object only changed when a
>user logged out. I think this is the proper behavior, but Rafal had
>security concerns; I do not recall what they were. Copying the temp
>hashtable does not help in the case where a custom User is being used
>that is storing some attributes outside the hashtable. But you can just
>say you have to write your own Login action to account for any
>differences. I still like just keeping the same User.
+1
I think conceptually it is correct that the User object remains the
same, it merely acquires the property of being named not anonymous.
--
Sean Legassick
[EMAIL PROTECTED]
Ek is 'n man: niks menslik is vreemd vir my nie
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
