

2010/10/6 Ignacio Burgueño <ignaciob@inconcertcc.com>:
> On Wed, Oct 6, 2010 at 10:16 AM, Fabio Mascarenhas <mascarenhas@acm.org>
>
> Nice! Maybe 'filter' could take a parameter to reply with a "Not authorized"
> status code directly instead of calling the filtered application. It
> simplifies the application logic (i.e. not having to check for MK_AUTH_ERROR
> in every handler?)

I thought most applications would want to redirect the user to a login
page in case of authentication failure instead of throwing a "403
Forbidden" back at them (the filter does not try to distinguish
between an expired session or a forged token), and didn't want to
complicate the filter with too many options. It is easy enough to
write your own version of filter, or use the authenticate method
directly (which does distinguish forgery and simple expiration).

> Regards,
> Ignacio

--
Fabio Mascarenhas