durusmail: quixote-users: Problem with NotLoggedInError login scheme
Problem with NotLoggedInError login scheme
2005-03-03
Mario Ruggier (2 parts)
2005-03-04
Shalabh Chaturvedi
2005-03-04
Mario Ruggier
Problem with NotLoggedInError login scheme
Shalabh Chaturvedi
2005-03-04
Mario Ruggier wrote:
> Hello,
>
> in the form-based login scheme, as in  the demo below, there seems to be
> a conceptual problem -- and that is that for this scheme to work, a
> session must already exist. I.e., if, as your first access to the site,
> you try to access a protected page, a session is not created!

IMO, any scheme using _q_access() and throwing/catching exceptions for
login does not go very far. I view an invalid (or non-existant) session
not as an exception but as normal operation that needs a conditional
flow in the web application. That is why I always use (something like)
the following at the top of methods I want to protect:

     if not get_user():
         return self.skin.loginpage(return_to=...,msg='...')

Often I don't want to protect the entire object (but only certain
methods) and other times I just want to show different views (based on
login) from the same method. Having access checking and flow control
within the method seems to be much easier to implement as well as
understand.

Shalabh
reply