On Fri, Jan 29, 2010 at 7:21 AM, Simon Holywell <[email protected]> wrote: > Doesn't your login mechanism use sessions anyway?
Even if cookies are required to use the app, I think there is a different reason to not use session variables here (or at least not use them naively): the case of multiple windows/tabs being open, all on your site. For example, if the user submits the form (each with different data) from 2 tabs. The user is not logged in, so will be redirected to the login on both. Then a mechanism must be in place to ensure the right window accesses the right session variable (say to show the correct data/message after saving). (This is a pet peeve of mine: I find it *so* annoying when I cannot do multiple things on one site. I suspect it can be confusing to people that don't know what's going on as well) So I would: - Redirect to a login page that has a GET variable for the id/hash of the row (as mentioned previously) - Or, if you want "clean" urls on the page, you could *not* redirect to another page, but show the login right on the target page of the POST of the initial form. You could insert hidden inputs into the form (say the id/hash of the row), that the login action could then process (say, creates a forwardcontainer to an action that handles the saving to database.) Michal. _______________________________________________ users mailing list [email protected] http://lists.agavi.org/mailman/listinfo/users
