[ic] Saving shopping carts on behalf of a customer.

Mike Heins mike at perusion.com
Tue Dec 7 11:55:52 EST 2004

Quoting Brian Kaney (brian at vermonster.com):
> The issue I am having is the administrator needs to be able to save a
> named shopping cart (containing the quotation) on behalf of another
> user.

this makes sense.

> I found if I log in as admin and click on the "customers" tab, there is
> a nice switch user function.  I can look into session and check if
> $Session->{su} exists.  If it does, I can allow access to my privileged
> functions.
> This all seems to work, but I am wondering if it is safe to rely on the
> existence of $Session->{su} for determining if the user's previous login
> was su?

the thing i struggle with is why do you care? and safe for what value
of safe? anyone who can create embedded perl code which you run
can do

	[calc] $Session->{su} = 1 [/calc] 

This value will be reset every page transaction, so it will only persist
for that page. 

Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

p.s. sorry for lower case, injured hand

Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer

More information about the interchange-users mailing list