Nov 11
Patrick Larkin Questions about Sessions
Nov 11, 2012; 22:51
Patrick Larkin
Questions about Sessions
Hello -
I'm making a new website and want to make it more personalized and easier to use for our staff members mainly through a single-signin set up.
I thought I had a grasp on how I wanted to do it but now I'm questioning my strategy.
This is the basic idea I had:
1. Website has hundreds of pages, some of which I want to be able to plop user specific info or links.
2. Website has a Staff log in which is optional. Staff member logs in if they want something that requires authentication to see or use.
3. Website has a number of "applications" for authenticated users. Authenticated users see Staff Directory, select users can see and use applications that do various things.
4. Website is primarily used by non-Staff members and users who do NOT require authentication.
This was the idea of how I was going to achieve the above.
A. Every page starts with an include that starts or resumes a session.
Session_start( -Name='MySessionName', -Expires='60', -UseAuto);
I'm concerned that since this is a public website, I will have hundreds of sessions going for no particular reason.
B. There is a "Staff" section that requires authentication. Once authenticated, I start a session again using the same syntax as above but now I add a number of variables to the session that identifies the user and sets certain flags to give permission to use certain applications.
I'm not sure if I have to to another Session_Start or not. Can I just authenticate a user and then add variables to the session already started?
C. A staff member could authenticate and then traverse the website. I'm thinking by having the Session_Start statement beginning each page that the authenticated user session will continue and follow the user around.
D. The unauthenticated user will also have a session but it will contain nothing. I think this might be trouble.
E. If an authenticated user goes to an "application" link, I check for the existence of a session variable. This seems to work if the user is authenticated.
I do this:
if($SESSION_www_announce_Credential != 'Y');
include('/includes/NOT_AUTHORIZED.lasso');
/if;
IF the user is NOT authenticated, it fails with this Lasso error:
"Page variable "SESSION_www_announce_Credential" not found"
Not sure how to get around this. I'm sure I've looked for nonexistent variables in the past and never got this error. Maybe I'm thinking of something else.
So, is there a better way to do what I want to do? I'm twisting myself up trying to keep track of the sessions and variables and do NOT want to expose any parts of the website that need authentication.
Also, I'm not sure about the -secure flag in the session or if I should use links or cookies. I've only ever used -UseLink but I'd rather not have non-staff viewers see this in the links.
Any help appreciated as always.
Patrick
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso
Lasso@lists.lassosoft.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Nov 11
Patrick Larkin Re: Questions about Sessions
Nov 11, 2012; 22:54
Patrick Larkin
Re: Questions about Sessions
Nov 12
Jolle Carlestam Re: Questions about Sessions
Nov 12, 2012; 04:24
Jolle Carlestam
Re: Questions about Sessions
Nov 12
Rick Draper RE: Questions about Sessions
Nov 12, 2012; 14:27
Rick Draper
RE: Questions about Sessions
Nov 12
Jolle Carlestam Re: Questions about Sessions
Nov 12, 2012; 04:51
Jolle Carlestam
Re: Questions about Sessions
Nov 12
Tim Taplin Re: Questions about Sessions
Nov 12, 2012; 06:30
Tim Taplin
Re: Questions about Sessions
Nov 12
Patrick Larkin Re: Questions about Sessions
Nov 12, 2012; 10:36
Patrick Larkin
Re: Questions about Sessions
Nov 12
Patrick Larkin Re: Questions about Sessions
Nov 12, 2012; 10:38
Patrick Larkin
Re: Questions about Sessions
Nov 12
Patrick Larkin Re: Questions about Sessions
Nov 12, 2012; 10:40
Patrick Larkin
Re: Questions about Sessions
Nov 12
Tim Taplin Re: Questions about Sessions
Nov 12, 2012; 10:08
Tim Taplin
Re: Questions about Sessions
Nov 13
Rick Draper RE: Questions about Sessions
Nov 13, 2012; 07:07
Rick Draper
RE: Questions about Sessions