Hello Chris,

On Thursday, 9 April 2015 12:30:34 UTC+2, Chris McDonough wrote:
>
> On 04/09/2015 04:09 AM, Christophe de Vienne wrote:
> > Hi everyone,
> >
> > We are implementing an IAuthenticationPolicy that requires, to get the
> > actual userid, an access to the database [1].
> >
> > Should unauthenticated_userid always return None to avoid a database
> > access, or access the database to always return the same userid
> > authenticated_userid will return?
> >
> > The documentation [2] is unclear about what matters most: "performs the
> > same duty as authenticated_userid", or "needn't (and shouldn't) check
> > any persistent store".
>
> It should return the userid value sent in the request (usually in a
> cookie) without checking if the userid is valid in any way.
>

I understand that. However the actual userid is not present in the request. Only a token that is associated with a user in the database. Which means that getting an actual userid makes a database access mandatory.

Hence the question: should unauthenticated_userid return an actual userid no matter what, or leave the actual job to authenticated_userid by returning None?

Christophe
