This chapter has outlined a practical way to force a user to log in to your application and to show them only the appropriate information. Of course, your actual needs are likely to vary somewhat from what has been discussed here. Here are a couple of other scenarios that are commonly encountered, with suggestions about how to tackle them.
Delaying the Login Until Necessary
The examples in this chapter assume that the entire application needs to be secured and that each user should be forced to log in when they first visit any of your application’s pages. If, however, only a few pages need to be secured here and there, you might want to delay the login step until the user actually requests something of a sensitive nature. For ...