Perrin Harkins wrote (in a discussion with Michael L. Artz): >> Well, I figured that the AuthenHandler already parsed the >> authentication cookie and declared it valid, so I didn't really see >> a point the in doing it at the beginning of every script. $r->user >> just seemed more intuitive to me. > > Well, I'm not sure what's involved in determining $r->user aside from > reading the cookie. It may not make any difference. > > Here's a typical pattern for this: > [...] > > The session stuff could be done in a separate phase before the content > handler, or it could be done on demand when your script calls some > utility method that knows how to get the current session. Same with > the user.
Isn't this more a matter of 'niceness'? Putting the session/user stuff in AuthenHandler and then setting the $r->user makes it clear where the authentication takes place. All other handlers just check if $r->user is set and need not to bother with sessions and stuff? Or is there something against this and would you be a supporter of having it all in the same handler? --Frank
