change doLogin to store user reference only

[mazondo]

I think that we should push the responsibility of loading the user data into doLogin() or somewhere similar. The reason is two-fold:

• Unless I've missed it somewhere, right now we've left it to the app to load user data and pass it into doLogin() manually
• right now doLogin() will store the user data in it's entire form as a cookie. Seems unsafe as the user data will potentially have auth information/user data as well. I like the idea of storing the user reference as a cookie and then loading it into the app on startup and storing it in memory, that way if the auth code is invalidated the user data is protected

Thoughts?

[mazondo]

Looking at this again, I think maybe we have doLogin() store the user reference in a cookie only, and then add to the client init code that will check for a user reference and create a currentUser or userData object.

this will work well for the current implementation, but I'll need to keep it in mind for the login window implementation later.

[mazondo]

done.