Unique DB access

[cgr at formulae.co.uk]

Dear all,  (newbie)
Can some help me?
I have a (gadfly) database with many users data.
The database tables continue info about confidential training details
of all the users. Each user has a set of training requirements in
various subject areas. He/she will want to view the various
sub-sections of their training and be able to add/modify or delete
their personal training details.
I plan to use a HTML frame structure with a tree structure on the left
hand side. When the user clicks a node on the tree, it will take him to
a python generated HTML page on the right hand side. There will be at
least 30 nodes that link to about 5 CGI python scripts with parameters
(using 'GET').

CRITERION
The user must ONLY access his/her OWN data, not anyone else's.

PROBLEMS
Some users will use the same PC at different times of the day to enter
their details.

QUESTIONS
1. How can I easily create views of the data specific for each user?
2. By clicking on a node how can I incorporate the unique userID to
send to the python script? If I use 'GET' it is visible and therefore
hackable.

3. Can I use a cookie to store the unique key for each user on the same
PC?
What if another user uses the same PC 10 mins later?
How do I force them to login? Could they use the back button to see the
previous user details?

4. Do I use cookie.py on the server side? Are there any samples of
cookie.py implementation apart from the portion in the script itself?


Ideally,I would like the implementation to be similiar to the way
egroups is setup (login and logout), except that egroup users view all
the messages not just their own.

Thanks for any help?


Colm Rafferty