[thelist] CFMX: user-specific menus

Chris evolt at axe.dircon.co.uk
Thu Apr 28 13:22:40 CDT 2005

Dear Evolters

I am designing a B2B web application in CFMX that will require granular, 
user->page level authentication.

After considering my options, I have decided on the following system:
- Assign each page an ID
- Embed ID in each .cfm page
- On login, query database-maintained user->page permission table and 
populate session array of permissible page IDs.
- On page access, check page ID exists in session array.

So far so good, I think.
Sessions will have 20 minute life, so this method should place more 
demands on RAM than on the DB, which is my preference, for performance; 
  this site not going to be supporting 1000s of concurrent sessions.

However, it is also a requirement that the menus be personalised so that 
certain pages are hidden from view on a user-by-user basis.
This may strike you as a silly requirement, as users could, 
theoretically, compare notes - "oh, when I log in I get such-and-such 
functionality - don't you?" - but humour me, please.

The menu will be a nested <UL>.

I am pondering how best to render the menu.
1. Build the entire menu via a DB query at the point of login, and cache 
entire string in session - maybe 4kb. Then <cfoutput> for every page.

2. Query DB on _every_ page access and build dynamically with <cfoutput 
query="..."> and <cfloop>. Would be best if combined with querying the 
DB to assess permissions on page access  (instead of caching in an 
array). But I can't help thinking this will be slower, given the need to 
execute query and loop though entries.

Obviously everything is a trade-off: processor v. RAM v. DB v. time.

Any other methods I could try?
- Don't want to put the menu in a frame.
- Application-scope XML rendered via session-scoped XSLT seems a bit OTT.


More information about the thelist mailing list