Hello everyone,
I'm working on an app which protects certain areas with a
username/password. I was wondering if I could get some "best practice"
opinions on where the best place to perform this checking would be?
Currently I have it as follows:
In index.php I have session_start() to init the session.
In IndexController I have a preRun() method (see MVC refactoring
proposal) that gets executed before the action. It contains something like:
    // empty() also covers the case where the key has not been set yet
    if (empty($_SESSION['authenticated'])) {
        $this->forward('auth', 'logonForm');
    }
And then AuthController takes care of the logonAction, logoffAction, and
logonFormAction.
--------------------
Of course this is only one way to do it. I could do the checking in
index.php, or in a FrontController plugin too, etc... My main thing is
to try and minimize the amount of code repeated. In my current method I
would have to duplicate the same code in the preRun() method of every
ActionController.
Look forward to hearing some opinions,
-Michael
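
One way to keep the check in a single place, as an added example that is not part of the original post or of any framework's own code: a gate the front controller calls once before dispatch, denying by default and letting only the logon routes through. The AuthGate class, its resolve() method and the route strings are hypothetical names, and it assumes logonAction stores boolean true in $_SESSION['authenticated'].

```php
<?php
// Hypothetical central gate, called once by the front controller before
// dispatch. Not tied to any framework API; all names are assumptions.
final class AuthGate
{
    /** Routes reachable without a session; everything else is denied by default. */
    private const PUBLIC_ROUTES = [
        'auth/logonForm' => true,
        'auth/logon'     => true,
    ];

    /**
     * Returns the [controller, action] pair that should actually be dispatched.
     */
    public static function resolve(string $controller, string $action, array $session): array
    {
        $route = $controller . '/' . $action;
        if (isset(self::PUBLIC_ROUTES[$route])) {
            return [$controller, $action];
        }
        // Strict check: a missing key, 0, '' or "yes" all count as not authenticated.
        if (($session['authenticated'] ?? false) === true) {
            return [$controller, $action];
        }
        // Fail closed: anything not explicitly allowed lands on the logon form.
        return ['auth', 'logonForm'];
    }
}

// Constructed sample requests: controller, action, session contents.
$samples = [
    ['index', 'index', []],
    ['index', 'index', ['authenticated' => true]],
    ['auth', 'logon', []],
    ['admin', 'delete', ['authenticated' => 'yes']],
];
foreach ($samples as [$c, $a, $s]) {
    [$rc, $ra] = AuthGate::resolve($c, $a, $s);
    echo "$c/$a -> $rc/$ra\n";
}
```

Because the allow-list is matched exactly, a route spelled differently from its entry falls through to the logon form instead of skipping the check, and a newly added controller is protected without any preRun() code of its own.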