[pmwiki-users] authentication problems (built-in and authuser)
Patrick R. Michaud
pmichaud at pobox.com
Thu Nov 24 10:51:55 CST 2005
On Wed, Nov 23, 2005 at 05:37:11PM -0600, Patrick R. Michaud wrote:
> PmWiki 2.1 will have ?action=login available, which will display
> Site.AuthForm under the current url. I think I'll do this for
> 2.1.beta4.
Okay, I have a question about the design for ?action=login. First,
the basic model, and we'll assume user-based authorization:
- A visitor comes to a site, then clicks on a "Login" link that
invokes ?action=login on the current page.
- This presents a login form (Site.AuthForm, or possibly we need
a separate Site.LoginForm) that prompts the visitor for a
username+password combination.
- If the visitor successfully authenticates, she is returned
to the page being browsed when ?action=login was invoked.
(Alternatively, the visitor could be taken to a "you have
logged in" page.)
Okay, my question: what should happen if someone that is already
authenticated (logged in) invokes ?action=login ? Should this
imply ?action=logout, should it present a message that the
visitor is already logged in, or should it simply allow them to
login again? If this last option, what should happen if the
second login is unsuccessful -- should it present the form again,
or just accept their previous login information?
I'm guessing that most people would expect ?action=login
to automatically logout any previous login, but I wanted to
verify that expectation with the list first.
Pm
More information about the pmwiki-users
mailing list