[albatross-users] login integration challenges again
Eric S. Johansson
esj at harvee.org
Thu Sep 25 05:08:44 EST 2003
Matt Goodall explained:
> On Wed, 2003-09-24 at 19:08, Eric S. Johansson wrote:
> If users must *always* be authenticated to use the application, and you
> are not using Albatross in random mode, then the simplest solution is
> probably to set the start page to your login page. Once the user
> authenticates correctly call ctx.set_page() to move to the main
> application page. If the user restarts the browser or the session times
> out the user will be automatically sent back to the login page.
the whole point behind authentication is that the user must be authenticated
every step of the way no matter how they entered the application. For that
reason, I'm coming to appreciate the "login wrapper" model even though it does
appear to have problems with persistence. I need to investigate that a little
further.
> If you only want authentication to happen on first access to a protected
> page then it would probably be best to override one of the Albatross
> methods rather than scatter access control checks throughout your page
> code.
>
> The two more obvious Albatross methods to override are set_page() and
> page_enter(), I would have to look at the Albatross code to decide which
> one to override. If the user is already authenticated then call the
> parent class's version of the overridden method; if not then redirect()
> or set_page() to your login page, passing enough information to return
> to the current page later.
this makes sense. To make sure I'm understanding what you are saying correctly,
I would create a new variation on the albatross classes in which I override one
of a couple of methods. In the overrides, I can redirect control if
authentication fails.
The only challenge with this model is that I'm not sure how to preserve the
entire context.locals state so that it will be presented next time around just
like it was the first time except with authentication.
>
> Hope this helps.
as always, it does.
---eric
More information about the Albatross-users
mailing list