[thelist] CFMX: user-specific menus
Chris
evolt at axe.dircon.co.uk
Thu Apr 28 13:22:40 CDT 2005
Dear Evolters
I am designing a B2B web application in CFMX that will require granular,
user->page level authentication.
After considering my options, I have decided on the following system:
- Assign each page an ID
- Embed ID in each .cfm page
- On login, query database-maintained user->page permission table and
populate session array of permissible page IDs.
- On page access, check page ID exists in session array.
So far so good, I think.
Sessions will have 20 minute life, so this method should place more
demands on RAM than on the DB, which is my preference, for performance;
this site not going to be supporting 1000s of concurrent sessions.
However, it is also a requirement that the menus be personalised so that
certain pages are hidden from view on a user-by-user basis.
This may strike you as a silly requirement, as users could,
theoretically, compare notes - "oh, when I log in I get such-and-such
functionality - don't you?" - but humour me, please.
The menu will be a nested <UL>.
I am pondering how best to render the menu.
1. Build the entire menu via a DB query at the point of login, and cache
entire string in session - maybe 4kb. Then <cfoutput> for every page.
2. Query DB on _every_ page access and build dynamically with <cfoutput
query="..."> and <cfloop>. Would be best if combined with querying the
DB to assess permissions on page access (instead of caching in an
array). But I can't help thinking this will be slower, given the need to
execute query and loop though entries.
Obviously everything is a trade-off: processor v. RAM v. DB v. time.
Any other methods I could try?
- Don't want to put the menu in a frame.
- Application-scope XML rendered via session-scoped XSLT seems a bit OTT.
Cheers
-Chris
More information about the thelist
mailing list