Eric,
I have used a similar approach - so far, successfully!
My current headache is how to handle expired sessions gracefully. i.e. All my user information is in the session and it gets lost because the session times out. Normally I would steer the user to a log-in page and get him to log in again.
However we are using Tivoli's Policy Director which provides a single log-in. The login is performed on one of 2 servers the name of which is passed to my app so that I can call the logoout method at a later date. This information is stored with the user data in the session and also gets lost
.
Does anyone have ideas where I could store such info so that it does not get lost?
Thanks
Paul
------------------