Any opinions on this? The issue with the flash message problem seems to be the "interstitial" page /login_check that doesn't really display anything to the user but merely makes a decision where to redirect the user to. Maybe it would be possible to mark such interstitial routes with a flag and have symfony not remove the flash message and instead carry it over to the next page. That would result in the expected behavior and the flash message could be displayed on the real "next" page after the login attempt.
Regards, Dennis On Nov 3, 12:36 am, Dennis Jacobfeuerborn <[email protected]> wrote: > Now that I got the form login going I'm trying to implement proper > error reporting. > I've already implemented the display of errors in a special area using > flash messages for the rest of the application and this approach works > well but when I try to implement this for the login form I run into > trouble. > > The first issue is how do I determine that I reached the controller > method as the result of a login attempt? Usually I use > $this['request']->getMethod() == 'POST' to check if this a submit but > since the controller method is called as the result of a redirect this > doesn't work. > Then I thought maybe I can also check if the request is a redirect but > that doesn't work either because the controller method also gets > redirected to when the user is not authenticated and simply tries to > request "/". Lastly I thought about checking if _username is non-empty > but that fails if the user hasn't entered a username. > Is there a foolproof way to determine if we got here by means of an > authentication attempt? > > A second issue is how I get the error type when the authentication > fails. The example code uses: > $error = $this['request']->attributes- > > >get(SecurityContext::AUTHENTICATION_ERROR); > > The problem is that this is not an error code but english text. Is it > guaranteed that this text will never change for the individual so it > can be checked against? Usually I would expect a function that returns > an abstract error code like e.g. > SecurityContext::ERROR_BAD_CREDENTIALS that I could check and then > output the appropriate message. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
