It depends on what authorization mechanism you are using, but if the
complete user info is stored in the session it would be something
or, if you are just storing the id in the session and doing a lookup for
each access to user data…
substitute your session variable for the “user” entry.
Hope that helps.