[Catalyst] Re: Calling Controller Methods from inside begin or auto.

Aristotle Pagaltzis pagaltzis at gmx.de
Wed Sep 30 17:13:47 GMT 2009

* Bill Moseley <moseley at hank.org> [2009-09-30 16:00]:
> I also do not detach to a login page, rather I always redirect.
> Not sure I remember the details of that choice, but one reason
> might have been I didn't want a URL for one resource to return
> a 200 yet not return the response for that URL and instead
> return a login form.

I detach. My login action sets status 403 and pragma no-cache
(etc) when it’s not requested directly. I’d love to be able to
just send 401 instead and let the user agent take care of
everything (which would transparently and securely deal with
POSTs sent with expired auth credentials) – unfortunately the
HTTP Auth UI in browsers is universally shoddy. If I felt the
need, I could also check for browser vs automated agent and send
either form + 403 to browsers and just a 401 to other clients.

Aristotle Pagaltzis // <http://plasmasturm.org/>

More information about the Catalyst mailing list