On Apr 15, 4:55 pm, Mariano Iglesias <[email protected]>
wrote:
> > > Anyway if you get the flash messages, it should be consumed by the login
> > > action. Meaning that if you enter wrong credentials, and thus the login
> > > message shows again, then the $this->Session->flash('auth') line should
> > > consume the message.
>
> > I would guess (that recipe isn't in my RAW pdf, which I haven't
> > updated) the issue is that if you rely on auth to log you in by
> > username - and rely on the users' login action to log you in by email
> > that means if you login by email the following happens:
>
> > auth startup
> > (auto) auth->login
> > fail
> > add flash message
> > run login ation
> > try to login
> > success
> > redirect user
>
> That's exactly right
>
> > There's nothing in the auth component to clear out the auth error
> > message upon login, therefore the "sorry, couldn't log you in" message
> > is (obviously) still in the session - and you'll see it on the next
> > page to render.
>
> You are right, and I didn't understand what the problem was originally.
>
> > > What you can do is remove the $this->Session->flash('auth') from your
> > > layout, and instead place it in your app/views/users/login.ctp view,
> > since
> > > that's where the user will be redirected if there's an auth error anyway.
>
> > Forgive me for saying that's a horrible idea. Why not just session-
> > >delete the flash message in the controller action after successfully
> > logging in a user?
>
> I don't think showing the *AUTH* flash messages in the login screen is a
> *horrible* idea. The login view is by default where you are taken after an
> auth issue, and since the auth flash messages are how the Auth component
> tells you about the auth issue, then showing those messages where the user
> is redirected makes sense. Saying that's a horrible idea is wrong, to say
> the list. Maybe it's horribly wrong?
Let me clarify: changing things such that they impact the site design
and the user to get around something which is a development problem
("all flash messages show up <here> in the layout. always." -> "all
flash messages show up <here> in the layout. Except these ones which
we'll put <somewhere else> because of <not really our choice, there's
some floating data in the session polluting things, but if we put them
here...>") is a step in the wrong direction - it's fixing symptoms
not causes, not a habit to promote.
>
> In any way, I do like the idea of deleting the flash message
> upon successful login.
>
> John: all you'd need to do, is add the following line right below the "if
> (!empty($user) && $this->Auth->login($user)) {" condition:
>
> $this->Session->delete('Message.auth');
>
> PS: Andy, how is it that you did not get an updated RAW version?
Dunno - Maybe I missed a mail - will check and bug you if there's
something wrong (probably not) :)
AD
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
