One way of discovering the identity of the user sending a request into your application is to test the identity using methods on the transaction object. Before this can be made to work, you must set up authentication for your application, as described in "Securing a WebStack Application". Once authentication is working, every request that arrives in the application will have the identity of the user attached automatically.
Having access to a user's identity can be useful in making decisions about which operations that user is able to perform within your application. Moreover, the user identity provided by authentication mechanisms can tell you more about who that user is, as opposed to typical session information which, on its own, can only really confirm that the user in question has visited the application before.
Transaction objects have the following methods for inspecting and redefining the identity of users:
get_user
set_user
get_user
, allowing certain parts of an application to
view users according to other criteria than their basic username - for
example, one might use set_user
to redefine each user's
identity in terms of the role that user may have in an application.