On Tue, 2003-06-10 at 23:43, Michael L. Artz wrote: > Well, I figured that the AuthenHandler already parsed the authentication > cookie and declared it valid, so I didn't really see a point the in > doing it at the beginning of every script. $r->user just seemed more > intuitive to me.
Well, I'm not sure what's involved in determining $r->user aside from reading the cookie. It may not make any difference. Here's a typical pattern for this: - Fetch the session key from the validated cookie. - Load the session using that key. - Grab the user ID from the session. - Load the user's data based on that ID. The session stuff could be done in a separate phase before the content handler, or it could be done on demand when your script calls some utility method that knows how to get the current session. Same with the user. - Perrin