Specification for Authentication Flow

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

I've been working on this for a bit of time, and I think now it's time to field it for some comments.

Authentication flow - AuthTools Notes

Comments please. If you can't bring yourself to read it, that's a problem too, which means that I haven't made reading it delightful enough. ;-)
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

It seems like sufficient coverage of the issues and requirements for an Authentication library.

The part I am suspicious of is the sub-session -- mainly because you argue a little too strongly for it. My sense is that you have talked yourself into that design, but probably only multiple sessions are needed -- if that.
(#10850)
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Seems very well written, I'll read the entire thing when I have more time.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Christopher wrote: The part I am suspicious of is the sub-session -- mainly because you argue a little too strongly for it. My sense is that you have talked yourself into that design, but probably only multiple sessions are needed -- if that.
Arguing strongly for it? :roll: Perhaps I was arguing too strongly against sub-subsessions. You're correct however: subsessions are very much an extra feature. However, I couldn't figure out any way to implement it logically with only hooks, so I made concessions in the core code.

Actually, multiple sessions were the original plan, but I realized that each of these would then have its own authentication status, and it made more sense to delegate that to one session.

Subsessions are an interesting feature, but I can't see most systems implementing more than one of them.
Benjamin wrote: Seems very well written, I'll read the entire thing when I have more time.
Thanks.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Ambush Commander wrote: Actually, multiple sessions were the original plan, but I realized that each of these would then have its own authentication status, and it made more sense to delegate that to one session.
Sounds more like you could have a SessionManager (or more specific: SessionStatusManager) that took care of just that. Probably just renaming them (from Session/Subsession to SessionManager/Session) might make sense if that is what they are. The problem with the name sub-session is that it sounds like a component/composite thing when you clearly state that it is not.
(#10850)
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Christopher wrote: Probably just renaming them (from Session/Subsession to SessionManager/Session) might make sense if that is what they are.
The trouble with that is that SessionManager is still a session in its own right, so that name is misleading too.
Christopher wrote: The problem with the name sub-session is that it sounds like a component/composite thing when you clearly state that it is not.
It is a component thing. It's not a composite thing.

Maybe if I just found a different name for subsession... (but I am a bit attached to that name, unfortunately)