Hello. If you have a minute, I've been kinda messing around with user authentication and have a really basic question or whatever...
1. a login script assigns a value to a
String object...based on values stored in a rdbms...for example, login as UserE and String object ACCESS="EDIT" is created/set and put into session...login as UserR and another String object ACCESS="READ" is created/set and put into session.
2. If the objects are stored in the session, does the client maintain it's link to it's own ACCESS String object until it is destroyed? (I presume the web.xml session-timeout setting would dictate when the destruction takes place).
I guess the major thing I want to make sure is that if UserR logs in and a String object is created and set to ACCESS="READ" and thrown into session, this value will not be overwritten when UserE logs in and creates/sets ACCESS="EDIT" and that is tossed into session.
Thank you very much for reading this.
[ December 21, 2004: Message edited by: Tom Griffith ]