Please read the "Explanation" below before answering this question.

Question
========
Using the AuthComponent, how can I accurately determine if a login attempt was successful inside of my "login()" function?

Explanation
============
The manual (http://book.cakephp.org/view/395/autoRedirect) states the following for the autoRedirect variable, referencing the use of the login() function:

"...This is the best place to determine whether or not a successful login occurred by the AuthComponent ...."

Here's the problem:

User A walks up to a terminal and logs in. AuthComponent does its job and User A is now logged in and browsing the site. User A walks away WITHOUT logging out. User B walks up to the terminal, clicks the login link and mistypes their password.

Here's what happens:

User B doesn't realize it, but the system "logged them in" anyways (even though their credentials were wrong), re-using User A's information.

How? Examine the code in the manual. The checks are:

..........
Check #1: if ($this->Auth->user())
Check #2: if(!empty($this->data))
..........

Check #1 passes since User A never logged out (the Auth session variable for User A still exists).
Check #2 passes because the login form was submitted by User B.

Frustration
===========
Here's the frustrating part: it appears that the AuthComponent itself is doing its job correctly. It doesn't set a new Auth session variable for User B and returns false since the credentials were incorrect. However, the code inside the login function still executes and passes all "if" tests because of the previously logged in user.

I can't seem to find what variable-to-test-for/function-to-call to, as the manual puts it, "...determine whether or not a successful login occurred.."

A) Is the example in the manual a bad example?
B) What am I missing? How can I accurately test that the NEW login was a success or failure?
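The scenario in the message above, reproduced as an added example that is not part of the original post and is not CakePHP code. `StubAuth`, `loginSessionCheck()`, `loginFreshCheck()` and the sample accounts are hypothetical stand-ins; the stub only mirrors the behaviour the post describes (a failed attempt returns false and leaves the earlier session identity in place), and the hardened variant shows one possible approach: clear the old identity and use only the result of the current attempt.

```php
<?php
// Hypothetical stand-in for a session-backed auth component (not CakePHP's class).
class StubAuth {
    private $users;          // username => password; constructed sample data, plaintext for brevity
    private $session = null; // plays the role of the Auth session variable

    public function __construct(array $users) { $this->users = $users; }

    // As described in the post: wrong credentials return false and do not
    // touch whatever identity is already stored in the session.
    public function login($username, $password) {
        if (isset($this->users[$username]) && $this->users[$username] === $password) {
            $this->session = array('username' => $username);
            return true;
        }
        return false;
    }
    public function user() { return $this->session; }
    public function logout() { $this->session = null; }
}

// The two checks from the post: "is a user in the session?" and "was a form submitted?"
function loginSessionCheck(StubAuth $auth, array $data) {
    $auth->login($data['username'], $data['password']);
    return $auth->user() && !empty($data);
}

// Hardened variant: discard any existing identity, then report only this attempt's result.
function loginFreshCheck(StubAuth $auth, array $data) {
    if (empty($data)) {
        return false;
    }
    $auth->logout();
    return $auth->login($data['username'], $data['password']);
}

$users = array('userA' => 'correct-horse', 'userB' => 'battery-staple'); // constructed accounts
$typo  = array('username' => 'userB', 'password' => 'batery-staple');    // User B mistypes

$auth = new StubAuth($users);
$auth->login('userA', 'correct-horse');            // User A walks away without logging out
var_dump((bool) loginSessionCheck($auth, $typo));  // the post's checks against the stale session
var_dump($auth->user());                           // identity the session holds afterwards

$auth = new StubAuth($users);
$auth->login('userA', 'correct-horse');
var_dump(loginFreshCheck($auth, $typo));           // result of User B's attempt alone
var_dump($auth->user());                           // identity the session holds afterwards
```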
