[ic] Saving shopping carts on behalf of a customer.
Mike Heins
mike at perusion.com
Tue Dec 7 11:55:52 EST 2004
Quoting Brian Kaney (brian at vermonster.com):
>
>
> The issue I am having is the administrator needs to be able to save a
> named shopping cart (containing the quotation) on behalf of another
> user.
this makes sense.
>
>
> I found if I log in as admin and click on the "customers" tab, there is
> a nice switch user function. I can look into session and check if
> $Session->{su} exists. If it does, I can allow access to my privileged
> functions.
>
>
> This all seems to work, but I am wondering if it is safe to rely on the
> existence of $Session->{su} for determining if the user's previous login
> was su?
the thing i struggle with is why do you care? and safe for what value
of safe? anyone who can create embedded perl code which you run can do

    [calc] $Session->{su} = 1 [/calc]

This value will be reset every page transaction, so it will only persist
for that page.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
p.s. sorry for lower case, injured hand
Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer