[Phplib-users] Re: blocking mode vs default_auth
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] Re: blocking mode vs default_auth
|
From: Chris J. <ch...@ch...> - 2002-09-25 17:30:26
|
On Wed, Sep 25, 2002 at 09:58:07AM +0200, Giancarlo wrote:
> Il 05:43, mercoledì 25 settembre 2002, hai scritto:
> >
> > I currently have a large application which uses the old blocking Auth
> > method and it is the right thing for that application -- all users must
> > be authenticated and there are no default facilities.
> >
>
> Then what you want is:
> wherever I instantiate the auth feature, if the user bears no authentication,
> a splash login page is shown by auth itself, your script does not have to
> check anything. Just instantiating the auth class will do it. You don't
> really want blocking mode. You wat a splash form behaviour handled by auth
> itself.
>
> Others, or you in other apps, my want:
>
> whenever I instantiate the auth feature, auth returns me a value that says if
> the user bears authentication or not. And my script, not auth, decides what
> to do, when to do it. You don't want blocking mode here either. You want to
> handle the situation by yourself knowing if the user is logged or not. Tha
> auths class outputs nothing, it just returns you a value that says if he is
> logged in or not
>
> They are two different things, but they eat the tail one each other, as it is
> now.
>
> My auth class, with the splashform behaviour, suits your need perfectly the
> same as before.
> The 'form' aim (preveting registration with a single POST, maybe from a batch
> script), is not needed once we are sure, for example, that a new session can
> be obtained by simply appending ?Example_session=foo to the URL request. The
> effect is the same as that of having previously requested a login form:
> prevents single POST registration
>
>
> Gian
So, Gian, are you saying that your new Auth class provides both behaviors,
but that your "splash login page" although it looks the same to the
user, it is distinctly functionally different from the current PHPLIB
blocking method?
I'm having a hard time understanding. I don't want users to be able
to see ANY protected page without logging in, and ALL of my pages are
protected pages. The way it works now using the PHPLIB blocking method,
all I have to do is call page_open() and it is assured that they are
blocked until they have logged in and gotten a session ID in a cookie
(fallback to GET). Does your "splash form" behavior in your new Auth
do that?
Thanks!
--
..chris
|
