On 04/09/2015 08:33 AM, Christophe de VIENNE wrote:
Hello Chris,Le jeudi 9 avril 2015 12:30:34 UTC+2, Chris McDonough a écrit : On 04/09/2015 04:09 AM, Christophe de Vienne wrote: > Hi everyone, > > We are implementing a IAuthenticationPolicy that requires, to get the > actual userid, an access to the database [1]. > > Should unauthenticated_userid always return None to avoid a database > access, or access the database to always return the same userid > authenticated_userid will return? > > The documentation [2] is unclear about what matters most: "performs the > same duty as authenticated_userid", or "needn't (and shouldn't) check > any persistent store". It should return the userid value sent in the request (usually in a cookie) without checking if the userid is valid in any way. I understand that. However the actual userid is not present in the request. Only a token that is associated to a user in the database. Which means that getting an actual userid makes a database access mandatory. Hence the question: should unauthenticated_userid returns an actual userid no matter what or let the actual job to authenticated_userid by returning None?
Ideally, both methods should return the same kind of thing. If unauthenticated_userid returns a token, so should authenticated_userid.
- C
Christophe -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>. To post to this group, send email to [email protected] <mailto:[email protected]>. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/d/optout.
-- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/d/optout.
