Users and Authentication

One way of discovering the identity of the user sending a request into your application is to test the identity using methods on the transaction object. Before this can be made to work, you must set up authentication for your application, as described in "Securing a WebStack Application". Once authentication is working, every request that arrives in the application will have the identity of the user attached automatically.

Uses of User Identity

Having access to a user's identity can be useful in making decisions about which operations that user is able to perform within your application. Moreover, the user identity provided by authentication mechanisms can tell you more about who that user is, as opposed to typical session information which, on its own, can only really confirm that the user in question has visited the application before.

WebStack API - User Identity

Transaction objects have the following methods for inspecting and redefining the identity of users:

get_user
This gets the name of the user attempting to access the application.
set_user
This sets the name of the user, thus affecting subsequent calls to get_user, allowing certain parts of an application to view users according to other criteria than their basic username - for example, one might use set_user to redefine each user's identity in terms of the role that user may have in an application.