notice instead of stop-pages

[Илья]

Hi!
I think we can use simple notice instead of pages for

action_not_authorized
login_succeeded
logout_succeeded

and we should just redirect to login page if someone trying to edit
page but did not login.
This make November a little bit friendly. I expect this behavior from
any modern web application.

Any objections? I will do that if not.

Ilya

[Carl Mäsak]

Илья (>):

I think that sounds like a good idea. I expect that kind of behaviour too.

A question: How will November know to show the notices?

// Carl

[Илья]

Hi!

> I think that sounds like a good idea. I expect that kind of behaviour too.
>
> A question: How will November know to show the notices?

Just array of notices, 'if notices' and 'for notices' in template.

Ilya

[Carl Mäsak]

Илья (>), Carl (>>):

>> I think that sounds like a good idea. I expect that kind of behaviour too.
>>
>> A question: How will November know to show the notices?
>
> Just array of notices, 'if notices' and 'for notices'  in template.

Oh, I get that part, no problem. What I was wondering was more along
the lines of: how will the information about the notices be
communicated to the page?

With the notice "You were successfully logged in", for example, we
want to redirect to an ordinary GET request (so that when people
restart their browsers, they won't get funny message boxes about
information needing to be re-sent), but where then to tell this page
that it should also show a notice? It seems to me statelessness gets
in the way here.

With notices like "Someone is already editing this article. Step
carefully" it's easier -- the page can itself find this out.

// Carl

[Илья]

> Oh, I get that part, no problem. What I was wondering was more along
> the lines of: how will the information about the notices be
> communicated to the page?
>
> With the notice "You were successfully logged in", for example, we
> want to redirect to an ordinary GET request (so that when people
> restart their browsers, they won't get funny message boxes about
> information needing to be re-sent), but where then to tell this page
> that it should also show a notice? It seems to me statelessness gets
> in the way here.
>
> With notices like "Someone is already editing this article. Step
> carefully" it's easier -- the page can itself find this out.

Ah yes, we need something like flash in Catalyst, magic hash witch
pairs lives only until a first read. Session information with specific
behaviour.

Ilya

[Carl Mäsak]

Илья (>):

That means it's only possible to do this when the user is logged in, yes?

Anyway, I like the idea. I'm also glad there's a precedent in Catalyst
(of which I know too little at present). Furthermore, it sounds like
something that'll eventually move up to the Web level, because other
projects might need to address the same issue.

// Carl

[Moritz Lenz]

Carl Mäsak wrote:
> Илья (>):
>>> Oh, I get that part, no problem. What I was wondering was more along
>>> the lines of: how will the information about the notices be
>>> communicated to the page?
>>>
>>> With the notice "You were successfully logged in", for example, we
>>> want to redirect to an ordinary GET request (so that when people
>>> restart their browsers, they won't get funny message boxes about
>>> information needing to be re-sent), but where then to tell this page
>>> that it should also show a notice? It seems to me statelessness gets
>>> in the way here.
>>>
>>> With notices like "Someone is already editing this article. Step
>>> carefully" it's easier -- the page can itself find this out.
>>
>> Ah yes, we need something like flash in Catalyst, magic hash witch
>> pairs lives only until a first read. Session information with specific
>> behaviour.
>
> That means it's only possible to do this when the user is logged in, yes?

Why?
A session cookie can also be (made) available without any log in.

> Anyway, I like the idea. I'm also glad there's a precedent in Catalyst
> (of which I know too little at present). Furthermore, it sounds like
> something that'll eventually move up to the Web level, because other
> projects might need to address the same issue.

Agreed.

Cheers,
Moritz

--
Moritz Lenz
http://perlgeek.de/ | http://perl-6.de/ | http://sudokugarden.de/

[Carl Mäsak]

Moritz (>), Carl (>>), Илья (>>>):

>>> Ah yes, we need something like flash in Catalyst, magic hash witch
>>> pairs lives only until a first read. Session information with specific
>>> behaviour.
>>
>> That means it's only possible to do this when the user is logged in, yes?
>
> Why?
> A session cookie can also be (made) available without any log in.

I guess... though I'm a bit reluctant to push even a little
functionality to cookies which might be rejected by the client.
Basically, I consider a logged-out user someone with whom I have no
binding contract at all.

Then again, amazon.com has the best session handling I know, and they
do something like that. (They seem to keep a cookie around even when
you're logged out, and only require you to log in when doing stuff, as
opposed to just browsing.) Need to think about this more.

// Carl

[Carl Mäsak]

Here's Ian Bicking proposing a js solution.

<http://blog.ianbicking.org/2008/12/17/javascript-status-message-display/>

I'm not sure doing this with js is a better solution than with
cookies, but it's an interesting idea.

// Carl