In Merb::Authentication, the default implementation of authenticated?
is:

  def authenticated?
    !!user
  end

This of course follows the default behavior of loading the user from
DB every time authenticated? is called, which is every page rendering
if you are following basic auth protections. This is highly
inefficient and I would like to understand why it works this way.

The user's id is stored in the session object. It is only necessary
to check if this id is set to know if the user has been
authenticated. It is not necessary to load the user object until
later when/if other app behavior demands it.

I would submit a patch, but when I look at other auth code in
auth-more and the password-slice, I think I would break things. I find
some of the auth code a bit too highly factored for a newbie to touch.

In addition to this inefficiency, I find that when I need to log in a
user from other than the slice behavior (for example, a user activates
his account and I want to auto-login as part of the success of the
activation) the most straightforward thing to do is call "session.user
= my_newly_activated_user". This works, but in a refactored world
where you rely on the user's session id to be set, you would also want
the default user= method to also set the session user_id and not wait
for the session object to get serialized to do so.

thanks, Jon
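
Added example, not part of the original message and not Merb::Authentication's own code: a self-contained Ruby model of the behaviour the message asks for, where authenticated? only checks the id in the session, the user is loaded on first use, and user= sets the session id immediately. The names UserStore, LazyAuthSession and the :user_id key are hypothetical, and the user records are constructed sample data.

```ruby
# Added illustration; not Merb::Authentication's code. All names are hypothetical.
class UserStore
  attr_reader :loads

  def initialize(users)
    @users = users   # id => user record (constructed sample data)
    @loads = 0       # counts simulated DB hits
  end

  def find(id)
    @loads += 1
    @users[id]
  end

  def delete(id)
    @users.delete(id)
  end
end

class LazyAuthSession
  def initialize(session, store)
    @session = session   # plain Hash standing in for the session data
    @store = store
    @user = nil
  end

  # Cheap check: only looks at the id stored in the session, no DB load.
  def authenticated?
    !@session[:user_id].nil?
  end

  # Loads the user on first use and memoizes it for the rest of the request.
  # A stale id (account deleted since login) clears the session entry.
  def user
    return @user if @user
    id = @session[:user_id]
    return nil if id.nil?
    @user = @store.find(id)
    @session.delete(:user_id) if @user.nil?
    @user
  end

  # Logging in sets the session id immediately rather than at serialization.
  def user=(new_user)
    @user = new_user
    if new_user
      @session[:user_id] = new_user[:id]
    else
      @session.delete(:user_id)
    end
  end
end
```

With an id-only check, a session whose account has since been deleted still reports authenticated? as true until something loads the user, so actions that must not run for a removed account should call user rather than rely on authenticated? alone.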