Controlling user privileges based on the session information


Although we have learned how to build private sites, it is very common to need to distinguish between different user levels. With this level difference we can show certain features or modules of the system to some users and hide them from the rest. For example, think of the case of an "administrator" and all the regular users of an online orders system. A regular user of the site must have access only to his own order information, but the administrator needs access to all client orders.

This is precisely the kind of thing the SESSION object can be used for. Consider the login example presented to you in the previous section.

Here again are the user table and the LOGIN query. Notice the user level assigned to each user and how this value is retrieved in the selection list.

USERS table:

USRID  USRFIRSTNAME   USRLASTNAME  USRUSERNAME    USRPASSWORD   USRLEVEL
1      Administrator  (null)       administrator  confidential  1
2      Sirius         Black        jblack         black         2
3      Angie          Hart         aheart         angieheart    2
4      Chandler       Bing         cbing          duck          2


SELECT USRID, USRFIRSTNAME, USRLASTNAME, USRLEVEL FROM USERS
WHERE USRUSERNAME = :TXTUSER AND USRPASSWORD = :TXTPASSWORD

After a successful authentication, the SESSION object for the user contains a variable named USRLEVEL. The value assigned to this variable depends on the values stored in the table, and we can use it to display additional menu options to the administrator:

Menu options

  1. Start
  2. Order information
  3. Preferences
  4. <#IF EXPRESSION="USRLEVEL=1">Administration section<#/IF>

Or redirect him to another page:

<#REDIRECT EXPRESSION="USRLEVEL=1" DOC="admmenu.dbsp"/>

Menu options

  1. Start
  2. Order information
  3. Preferences

With this feature, we can customize almost any page according to the user who is accessing our application.

Note: You cannot add values to the SESSION object except at the login phase, and these values cannot be overwritten during the life of the session.
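The flow described on this page, modelled in Python as an added example (it is not DBSP code and not part of the DBSP documentation): the LOGIN query runs with bound parameters, its result is frozen into a read-only session, and the level is checked both when building the menu and again in the page behind it. The functions `login`, `menu` and `admin_page` and the in-memory SQLite table are assumptions made for illustration.

```python
import sqlite3
from types import MappingProxyType

# Constructed copy of the page's USERS table (plaintext passwords mirror the
# page's sample data; a real table would hold password hashes).
ROWS = [
    (1, "Administrator", None, "administrator", "confidential", 1),
    (2, "Sirius", "Black", "jblack", "black", 2),
    (3, "Angie", "Hart", "aheart", "angieheart", 2),
    (4, "Chandler", "Bing", "cbing", "duck", 2),
]
# The page's LOGIN query, unchanged; :TXTUSER and :TXTPASSWORD are bound values.
LOGIN = ("SELECT USRID, USRFIRSTNAME, USRLASTNAME, USRLEVEL FROM USERS "
         "WHERE USRUSERNAME = :TXTUSER AND USRPASSWORD = :TXTPASSWORD")

db = sqlite3.connect(":memory:")
db.row_factory = sqlite3.Row
db.execute("CREATE TABLE USERS (USRID INTEGER PRIMARY KEY, USRFIRSTNAME TEXT, "
           "USRLASTNAME TEXT, USRUSERNAME TEXT UNIQUE, USRPASSWORD TEXT, "
           "USRLEVEL INTEGER)")
db.executemany("INSERT INTO USERS VALUES (?, ?, ?, ?, ?, ?)", ROWS)

def login(user, password):
    """Run the LOGIN query; return a read-only session, or None on failure."""
    row = db.execute(LOGIN, {"TXTUSER": user, "TXTPASSWORD": password}).fetchone()
    if row is None:
        return None
    # Session values are fixed at login and cannot be overwritten afterwards.
    return MappingProxyType(dict(row))

def menu(session):
    """Python equivalent of the <#IF EXPRESSION="USRLEVEL=1"> menu entry."""
    items = ["Start", "Order information", "Preferences"]
    if session["USRLEVEL"] == 1:
        items.append("Administration section")
    return items

def admin_page(session):
    """Hypothetical handler standing in for admmenu.dbsp. It re-checks the
    level itself: hiding the menu entry does not stop a direct request."""
    if session is None or session["USRLEVEL"] != 1:
        return 403, "Forbidden"
    return 200, "Administration section"
```

Any attempt to assign to the returned session, such as `session["USRLEVEL"] = 1`, raises `TypeError`, which mirrors the rule in the note above.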
