[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: New to lua, web framework?
- From: Fabio Mascarenhas <mascarenhas@...>
- Date: Wed, 6 Oct 2010 14:11:20 -0300
2010/10/6 Ignacio Burgueño <ignaciob@inconcertcc.com>:
> On Wed, Oct 6, 2010 at 10:16 AM, Fabio Mascarenhas <mascarenhas@acm.org>
>
> Nice! Maybe 'filter' could take a parameter to reply with a "Not authorized"
> status code directly instead of calling the filtered application. It
> simplifies the application logic (i.e. not having to check for MK_AUTH_ERROR
> in every handler ? )
I thought most applications would want to redirect the user to a login
page in case of authentication failure instead of throwing a "403
Forbidden" back at them (the filter does not try to distinguish
between an expired session or a forged token), and didn't want to
complicate the filter with too many options. It is easy enough to
write your own version of filter, or use the authenticate method
directly (which does distinguish forgery and simple expiration).
> Regards,
> Ignacio
--
Fabio Mascarenhas
- References:
- New to lua, web framework?, kevin beckford
- Re: New to lua, web framework?, Petite Abeille
- Re: New to lua, web framework?, Philippe Lhoste
- Re: New to lua, web framework?, steve donovan
- Re: New to lua, web framework?, Fabio Mascarenhas
- Re: New to lua, web framework?, Ignacio Burgueño