[cbauth] SessionStorage question

Converting old non-coldbox app to coldbox. I had Luis’s old security interceptor and just converted to cbsecurity. Everything working great. I just had a question on the “You can also specify a sessionStorage and a requestStorage WireBox mapping” in the docs.

Will cbsecurity copy my User properties into sessionStorage or do I need to do that in retrieveUserBy… functions? My old app added session vars after login and most of those are now duplicated by User.cfc.

I assume requestStorage only lasts for that page? So if I go to a new handler it will have to do the RetrieveUserById() again?

Thank you for the question.

CBAuth via cbsecurity will keep track of your login. By default it will store the User’s ID in session and place the User object in the request scope.

If you create a request start handler or an interceptor that listens on preProcess you can get the user object that is logged in and place them on the PRC scope. This technique allows you to place the authenticated/non-authenticated user object always on prc scope. Which allows consistency on your entire app when they need to talk to the User object.

Function requestStart( event, rc, prc ){
  // Talk to cbauth and get the current logged in user.
  prc.oCurrentUser = auth().getUser();

Now, with that said. Whatever properties your user has, those will be available to you as well. CBAuth, calls `retrieveUserById()` for you.

Luis Majano
Ortus Solutions, Corp

Support Open Source: www.patreon.com/ortussolutions
Linked In: https://www.linkedin.com/pub/3/731/483
Social: twitter.com/ortussolutions | twitter.com/lmajano