> > > > How about your barcode (or card or whatever) idea, to allow users to switch > id on-the-fly > ? I am curious as to how you implement that.
after some user has logged in in a 'normal/standard' way (using e.g. form-based, container-managed), there is a text input field in the header of the secured web page. if another user scans his personal barcode which could be e.g. a hash of his username and his hashed password into this field, there will be a switch to this new user (just by setting its 'user object' in the session). to validate this hash, the application just loops over the limited number of users of that specific (small) company to find a match. the container is no longer involved in authorization, the existing session is reused by the new user. this method has the advantage that one can only switch between users of the same 'company/shop' and that someone of that company must have logged in in a standard way before any user switching becomes possible. dirk > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org