Sessions Best Practice Question

I am trying to determine the best way to grab out the signed in
user_id for adding items to another belongsto table. Is it ok to use
the session data for this?

I could easily use this as a hidden field in the form data.
$session->read('Auth.User.id') ?

But, does this belong in a controller? What is the best and most
secure way to do this?

I have a Users table with id, name and password
I have a Authors table with id, user_id, address, city, state, zip

Users won't be able to access each others account data. So after
baking the app I would remove the User.name dropdown.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php