Maybe just keep the email address in the session for this purpose. You could 
still use Auth decorators if desired:
 
@auth.requires(session.email!=None)
 
As for accessing the shopping cart on a return visit, you might enable that 
via a long session expiration, but I'm not sure it's a good idea to allow 
access simply by entering a matching email address (without a password and 
with no active session).
 
Anthony

On Tuesday, August 23, 2011 1:43:48 PM UTC-4, peter wrote:

> I have been thinking about keeping registering and ‘logging in’ to a 
> minimum on websites. We all hate registering with websites unless 
> absolutely necessary, right? I am building an online store for music 
> downloads. If the user does an 'add to cart', it would be nice if they 
> did not have to register or login, but only provide their email 
> address. Admin could provide a provisional login. One would decorate 
> relevant functions with @auth.requires.provisional.login. 
>
> The provisional login would only ask the users for their email address 
> (and explain this is just to use as a unique identifier for them). 
> Auth.user.id would work correctly if they had previously registered. 
> If they had not previously registered, a record would be added to 
> db.auth_user, giving a new auth.user.id. The user could remain at this 
> provisional login stage whilst viewing the cart and doing various 
> other activities. 
>
> The user need only register after they click ‘pay now’. If they have 
> previously registered then they need not login even at the ‘pay now’ 
> stage. Only when they go to view their paid for downloads should they 
> need to login. 
>
> I am a big fan of websites being as friendly as possible and as 
> unofficious as they can be. 
>
> I had originally thought that the provisional auth_user records would be 
> deleted after 24 hours, but I think it is actually better if they 
> remain in the database, then users can come back and access their cart 
> at a later date. 
>
> What do other people think of this idea? It does not seem to reduce 
> security. 
>
> Peter 
>
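
The distinction raised in the reply above, as an added example that is not part of the original thread and not web2py code: the cart is bound to an unguessable session id with a long expiration, and a matching email address alone never reattaches it. The class name, method names and the 30-day TTL are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 30 * 24 * 3600  # assumed "long" expiration: 30 days


class CartSessions:
    """Carts are keyed by a random session id; email is only a label."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested
        self._sessions = {}  # session id -> {"email", "cart", "expires"}

    def start(self, email):
        """Provisional 'login': record the email, hand back a fresh session id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "email": email.strip().lower(),
            "cart": [],
            "expires": self._clock() + self._ttl,
        }
        return sid

    def _live(self, sid):
        """Return the session record, or None if unknown or expired."""
        s = self._sessions.get(sid)
        if s is not None and s["expires"] <= self._clock():
            del self._sessions[sid]
            s = None
        return s

    def add_to_cart(self, sid, item):
        s = self._live(sid)
        if s is None:
            raise PermissionError("no active session")
        s["cart"].append(item)
        s["expires"] = self._clock() + self._ttl  # sliding expiration

    def cart_for(self, sid):
        """Return visit: only the holder of the session id sees the cart."""
        s = self._live(sid)
        return None if s is None else list(s["cart"])

    def resume_by_email(self, email):
        """Typing a known email starts a new, empty session; it never
        exposes a cart that belongs to another session."""
        return self.start(email)
```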
