At 02:56 PM 10/11/2001 -0400, Aaron Held wrote: >Are any of the timout functions in the UserManager classes >(cachedUserTimeout()) implemented? >They do not seem to be used anywhere. > >Also what is External ID used for? For an I was planning to map - >User.name = email address >User.SerialNum = User.SerialNum (= primary key of DB) >User.ExternalID = employeeID > >(I know its Alpha so thats why I think the functions are not used)
You're correct that the timeouts are not used. They are mostly important for sites that have a huge number of users. More moderate sites could rely on WebKit session timeouts instead (assuming you are using WebKit). So far UserKit users haven't felt the burden of 10,000 simultaneous users so no one has implemented the time outs. The idea behind externalId is that you could safely use it externally to refer to a user. Safely means that 1. it would be hard for someone to guess (and therefore impersonate another user) and 2. would not reveal private information about the user. This basically means an opaque, lengthy randomized id. I believe UserKit already provides that. And here's an example application of it: If the user chooses a "[ ] Remember me" checkbox when signing in, you would store their externalId in an indefinite cookie. Using their employee id for this would be bad for several reasons. 1. If I get access to someone's machine I can discern their employee id by looking at their cookies. 2. If I already know their id, I can impersonate them by editing my cookies file. 3. If ids are easily guessed (perhaps they are consecutive) I can easily impersonate random employees. -Chuck _______________________________________________ Webware-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-devel
