Re: [Phplib-users] on auth
From: Giancarlo <gia...@na...> - 2002-09-25 07:26:19
At 05:43 on Wednesday 25 September 2002, you wrote:
> I have not tried your new auth, Gian. If it implements Kristian's
> suggestion for the redesigned Auth process for sidebar and default
> authentication, then I think it would be great to offer PHPLIB users
> the choice of the old, interstitial (blocking) Auth method, and your
> new default Auth method.

Interstitial (blocking) mode and default_auth (nobody) are conceptually two different, separate things.

The relation between the two is the fact that phplib, whenever it has shown a login page, wants to have auth[uid]='form' before accepting its submission. And, to decide whether the login form has to be shown or not, some auth class has to be instantiated, even if not already logged in: hence the need for default_auth.

The interstitial (blocking) method is something more than just showing a 'splash login page' instead of a form somewhere down.

The interstitial concept is that, once you have requested a protected page and you are not authenticated, your session enters a blocking state (auth[uid]=form). You have a single point of entrance into the session. You have to request a ticket (uid=form) before you can proceed with the session. Your session is blocked, everywhere, on other frames, in going 'back', in a new browser window.

The aim of the 'form' status is to be sure that you have previously requested a login form from phplib before submitting it. It is to prevent people registering with a single POST, without having entered the 'form' status before.

> I currently have a large application which uses the old blocking Auth
> method and it is the right thing for that application -- all users must
> be authenticated and there are no default facilities.

This is different from the interstitial method. You may have 'no default facilities' even without interstitial blocking mode.

Gian
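
A small PHP model of the 'form' state described in the message above, added here as an illustration; it is not PHPLIB's code and not part of the original post. The function name `handle_request`, the session layout beyond `auth[uid]`, and the sample credentials are assumptions made for the example.

```php
<?php
// Simplified model of the auth[uid]='form' blocking state; not PHPLIB's own code.
// $session stands in for the per-user session store; all names are hypothetical.

const CONSTRUCTED_USERS = ['alice' => 'correct horse']; // constructed sample credentials

function handle_request(array &$session, string $method, bool $protected, array $post = []): string
{
    $uid = $session['auth']['uid'] ?? null;

    // Already authenticated: serve the page.
    if ($uid !== null && $uid !== 'form') {
        return 'page';
    }

    // Login submission: accepted only if this session was handed a form first.
    if ($method === 'POST' && isset($post['username'], $post['password'])) {
        if ($uid !== 'form') {
            return 'rejected: no form was requested in this session';
        }
        $name = $post['username'];
        if (isset(CONSTRUCTED_USERS[$name])
            && hash_equals(CONSTRUCTED_USERS[$name], $post['password'])) {
            $session['auth']['uid'] = $name;
            return 'page';
        }
        return 'login form'; // wrong credentials: stay in the 'form' state
    }

    // Blocking state: once entered, every request in this session gets the form,
    // whether it comes from another frame, the back button or a new window.
    if ($uid === 'form' || $protected) {
        $session['auth']['uid'] = 'form';
        return 'login form';
    }

    return 'page'; // unprotected page, session not blocked
}

$creds = ['username' => 'alice', 'password' => 'correct horse'];
$s = [];
echo handle_request($s, 'POST', true, $creds), "\n"; // single POST, no form requested
echo handle_request($s, 'GET', true), "\n";          // protected page: enter 'form'
echo handle_request($s, 'GET', false), "\n";         // any other page while blocked
echo handle_request($s, 'POST', true, $creds), "\n"; // submission of the issued form
```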