September 7th, 2003, 12:21 PM
Imar
Wrox Author
Points: 70,322, Level: 100
Activity: 0%
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts

Hi Lucian,

I don't think you can blame Dreamweaver for this. The Server Behaviors that Dreamweaver supplies deal with Authentication (whether a user is allowed to log in using valid credentials like a username and password or not), while what you are dealing with right now is about Authorization (what a user can see / do and cannot see / do once they are logged in).

Authorization is very application specific, so it's almost impossible to create Dreamweaver Server Behaviors that accommodate all possible generic situations. (You can find Dreamweaver Extensions that deal with specific authorization issues, like Shopping Carts at the Dreamweaver Extension site.)

By using Session variables, you have created a pretty secure solution. Once a user logs in, you store their User ID / Name in a Session variable and use that throughout your site. Users have no direct access to the Session variable, so it's impossible for them to change the value you have saved in that variable.

Passing sensitive information like User IDs, passwords, etc. through the querystring is never a good idea. Storing them in Session variables is a much more secure solution.

If your code using Session variables works fine, you shouldn't be worried. If it doesn't work, please tell me what's wrong, post some code and I'll take a look at it.



Imar Spaanjaars
Everyone is unique, except for me.
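The difference between taking the User ID from the querystring and taking it from a Session variable, as an added example that is not part of the original post. It is written in Python with an in-memory dictionary standing in for the server's Session object; every name and all sample data are constructed for illustration.

```python
import secrets
from urllib.parse import parse_qs

# Constructed sample data: per-user records that a page would display.
ORDERS = {1: ["order #1001"], 2: ["order #2001", "order #2002"]}
# Constructed account; a real application stores password hashes, not plaintext.
USERS = {"lucian": {"id": 1, "password": "example-only"}}

SESSIONS = {}  # server-side store: session id -> session variables


def login(username, password):
    """Authentication: on success, keep the user id in server-side session state."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(
        user["password"].encode(), password.encode()
    ):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable id the browser holds as a cookie
    SESSIONS[sid] = {"user_id": user["id"]}
    return sid


def orders_from_querystring(query):
    """Weak: authorization is decided by a value the client controls (?userid=...)."""
    user_id = int(parse_qs(query)["userid"][0])
    return ORDERS.get(user_id, [])


def orders_from_session(sid, query=""):
    """Hardened: identity comes only from the session; the querystring is ignored."""
    session = SESSIONS.get(sid)
    if session is None:
        raise PermissionError("not logged in")
    return ORDERS.get(session["user_id"], [])


if __name__ == "__main__":
    sid = login("lucian", "example-only")
    # Editing the URL changes whose data the weak handler returns...
    print(orders_from_querystring("userid=2"))
    # ...but has no effect when the id is read from the session.
    print(orders_from_session(sid, "userid=2"))
```

The session id itself is the only value the browser holds, so it needs to be random and sent over HTTPS in a cookie rather than in the URL.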