action_not_authorized
login_succeeded
logout_succeeded
and we should just redirect to login page if someone trying to edit
page but did not login.
This make November a little bit friendly. I expect this behavior from
any modern web application.
Any objections? I will do that if not.
Ilya
I think that sounds like a good idea. I expect that kind of behaviour too.
A question: How will November know to show the notices?
// Carl
> I think that sounds like a good idea. I expect that kind of behaviour too.
>
> A question: How will November know to show the notices?
Just array of notices, 'if notices' and 'for notices' in template.
Ilya
Oh, I get that part, no problem. What I was wondering was more along
the lines of: how will the information about the notices be
communicated to the page?
With the notice "You were successfully logged in", for example, we
want to redirect to an ordinary GET request (so that when people
restart their browsers, they won't get funny message boxes about
information needing to be re-sent), but where then to tell this page
that it should also show a notice? It seems to me statelessness gets
in the way here.
With notices like "Someone is already editing this article. Step
carefully" it's easier -- the page can itself find this out.
// Carl
Ah yes, we need something like flash in Catalyst, magic hash witch
pairs lives only until a first read. Session information with specific
behaviour.
Ilya
That means it's only possible to do this when the user is logged in, yes?
Anyway, I like the idea. I'm also glad there's a precedent in Catalyst
(of which I know too little at present). Furthermore, it sounds like
something that'll eventually move up to the Web level, because other
projects might need to address the same issue.
// Carl
Why?
A session cookie can also be (made) available without any log in.
> Anyway, I like the idea. I'm also glad there's a precedent in Catalyst
> (of which I know too little at present). Furthermore, it sounds like
> something that'll eventually move up to the Web level, because other
> projects might need to address the same issue.
Agreed.
Cheers,
Moritz
--
Moritz Lenz
http://perlgeek.de/ | http://perl-6.de/ | http://sudokugarden.de/
I guess... though I'm a bit reluctant to push even a little
functionality to cookies which might be rejected by the client.
Basically, I consider a logged-out user someone with whom I have no
binding contract at all.
Then again, amazon.com has the best session handling I know, and they
do something like that. (They seem to keep a cookie around even when
you're logged out, and only require you to log in when doing stuff, as
opposed to just browsing.) Need to think about this more.
// Carl
<http://blog.ianbicking.org/2008/12/17/javascript-status-message-display/>
I'm not sure doing this with js is a better solution than with
cookies, but it's an interesting idea.
// Carl