Obtain username, group, and role from the MapGuide session identifier
Currently, there is no way to obtain a users login name, group(s), and role(s) using the MapGuide session identifier. This informaton has to be maintained by the web application.
Change History
(6)
| Summary: |
Obtain username, group, and role from the !MapGuide session identifier → Obtain username, group, and role from the MapGuide session identifier
|
| Resolution: |
→ fixed
|
| Status: |
new → closed
|
| Resolution: |
fixed
|
| Status: |
closed → reopened
|
| Resolution: |
→ duplicate
|
| Status: |
reopened → closed
|
Just wanted to make sure that there's a note here about not encoding the user/grop/role into the session ID directly.
I believe that it's possible possible to change the user identified with a session during its lifetime. In my scenario, user comes into map as unpriveledged user (Anonymous), and then may log in. In this case, user must not lose any session-based resources stored in the current session.
It would be better to have some kind of resource within the session repository which encodes the sessions current user/group/role, and make this accessible with something like a GetUserInfo call against the session resource ID.