[pmwiki-users] authentication problems (built-in and authuser)

Patrick R. Michaud pmichaud at pobox.com
Thu Nov 24 10:51:55 CST 2005

On Wed, Nov 23, 2005 at 05:37:11PM -0600, Patrick R. Michaud wrote:
> PmWiki 2.1 will have ?action=login available, which will display
> Site.AuthForm under the current url.  I think I'll do this for
> 2.1.beta4.

Okay, I have a question about the design for ?action=login.  First,
the basic model, and we'll assume user-based authorization:

   - A visitor comes to a site, then clicks on a "Login" link that
     invokes ?action=login on the current page.
   - This presents a login form (Site.AuthForm, or possibly we need
     a separate Site.LoginForm) that prompts the visitor for a
     username+password combination.
   - If the visitor successfully authenticates, she is returned
     to the page being browsed when ?action=login was invoked.
     (Alternatively, the visitor could be taken to a "you have 
     logged in" page.)

Okay, my question:  what should happen if someone that is already
authenticated (logged in) invokes ?action=login ?  Should this 
imply ?action=logout, should it present a message that the 
visitor is already logged in, or should it simply allow them to 
login again?  If this last option, what should happen if the 
second login is unsuccessful -- should it present the form again, 
or just accept their previous login information?

I'm guessing that most people would expect ?action=login
to automatically logout any previous login, but I wanted to
verify that expectation with the list first.


More information about the pmwiki-users mailing list