On 26-05-2011 09:50, Christian Johansen wrote:
>> This is about code intention. What is the intention of the code
>> below?
>>
>>   def ssl_required?
>>     return false if !GitoriousConfig["use_ssl"] # readable, easy to understand the intention
>>     return true if request.ssl? # very easy too
>>     !request.session_options[:expire_after].nil? && logged_in? # Completely unclear to me what the intention of this is
>>   end
>>
>> When I understand what this code's intention is, I can come up with
>> some suggestions.
>
> I like your approach :) Gitorious should enforce SSL if:
>
> * use_ssl in gitorious.yml is true
> * the user is already on SSL
> * user is logged in
> * session is in use
>
> So !request.session_options[:expire_after].nil? is our "session is in
> use" flag. Suggestions?

I still need to understand this better. For instance, how is it possible
for the user to be logged in while the session isn't in use? What does
"session is in use" mean?

Also, what is the relation between using SSL and the user being logged
in? The user should be checked for being logged in only when trying to
view a page that requests the user to be logged in. This should not be
associated with SSL being enabled or not, from my point of view. Could
you clarify this?