Hi Steven,
My home page has some personalized content that I show when a known
user visits without requiring them to log in on each visit. But
right now when I visit the home page with an expired authid cookie
(or no authid at all, but with a valid rememberid cookie), I get
the anonymous view. Then I click on my "My Account" link and the
system generates a new authid for me based on my rememberid cookie.
If I then go back to the home page I see the personalized version.
Am I correct in concluding that the "remember me" feature only
creates a new authentication session when the user attempts to
visit an authenticated element, but doesn't have any effect on
identified elements? Is that intended behavior or a bug? If it's
intended, is there a configuration option to get auto session
creation on identified elements too?
This is intended behavior. The remember me functionality allows
people to automatically log in when content is protected through
authentication. Many of the ideas come from this post:
http://fishbowl.pastiche.org/2004/01/19/
persistent_login_cookie_best_practice
It's not meant to store user information in cookies when they are not
logged in. The identification facility is only able to identify users
that are logged in.
Barring such an option, is there a better approach than maintaining
my own "user ID" cookie that's not used by RIFE's authentication
code? That seems like the obvious solution to me at this point but
maybe there's a better way.
The way that I do it is by having an authenticated embedded element
in my templates that is executed before all the rest. The user will
then automatically be logged in through that.
Hope this helps,
Geert
--
Geert Bevin
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com
_______________________________________________
Rife-users mailing list
[email protected]
http://lists.uwyn.com/mailman/listinfo/rife-users
