Authentication information (user is logged in) must be stored on the server side (session or database). It should not be given to the client, because the client could manipulate it (setting isLoggedIn to true).

If you store it in the database you should use a non-guessable random number as a key, which you can transfer through the browser (cookie or request parameter).

Ingo
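As an added illustration of Ingo's point (example code, not from the thread or from any J2EE container): the browser only holds a random, non-guessable session id; the "logged in" state lives in a server-side store and is never read from a client-supplied flag. The cookie name JSESSIONID and the in-memory dict standing in for the session store or database are assumptions of this example.

```python
import secrets


class SessionStore:
    """Server-side session store: the client only ever holds the random key,
    never the authentication state itself (assumed in-memory stand-in for a
    container session or a database table)."""

    def __init__(self):
        self._sessions = {}  # session id -> server-side attributes

    def create(self):
        # 32 bytes from the OS CSPRNG; ids cannot be enumerated or predicted
        # the way a sequential or user-derived key could be.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"authenticated": False}
        return sid

    def get(self, sid):
        # An unknown or forged id simply maps to "no session".
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login(store, sid, username):
    """Called only after credentials were verified elsewhere: the logged-in
    state is written on the server, nothing is handed to the client."""
    session = store.get(sid)
    if session is None:
        return False
    session["authenticated"] = True
    session["user"] = username
    return True


def is_logged_in(store, cookies):
    """Correct check: the only client input consulted is the session id."""
    session = store.get(cookies.get("JSESSIONID", ""))
    return session is not None and session["authenticated"]


def is_logged_in_insecure(cookies):
    """The anti-pattern the thread warns about: trusting a client-held flag
    that anyone can set to "true" in their own cookie jar."""
    return cookies.get("isLoggedIn") == "true"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create()
    login(store, sid, "alice")
    print("real session:", is_logged_in(store, {"JSESSIONID": sid}))
    print("forged flag :", is_logged_in(store, {"isLoggedIn": "true"}))
```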

[EMAIL PROTECTED] wrote:

For storing user info, using sessions is the best way. Think about not
using sessions: you should somehow propagate an "ID" of the user between
requests. Luckily, J2EE applications store a session ID as a cookie or (if
cookies are not enabled) propagate it in URLs.
But be cautious using sessions, don't abuse them. If you want to use a session only
to store user information, it is correct. But if you want to store, for
example, data between requests to realize a wizard, it is wrong. In this
case, you should propagate temporarily acquired values between requests,
because you could reach inconsistency. For example, think about opening
two different windows with the same "wizard". The session ID is the same,
then data could cross themselves, making a real mess!
But this is not your case, so use sessions.
Ciao
Antonio Petrelli


