|
Posted by kevin bailey on 10/13/06 14:42
I have a framework working where I have multiple pages each checking the
authentication status.
Unauthorised users are redirected to a login page - otherwise the requested
page is shown.
Now my question is just to get a little clarification.
On the login page I create and object of type Auth
$a = new Auth("MDB2", $options, "loginFunction");
and then run
$a->start();
Fine so far.
Now at the top of the each authorised-only page I create a new Auth object
and then check the auth status.
$a = new Auth("MDB2");
if (!$a->checkAuth()) {
HTTP::redirect("login.php");
}
My question is that the new Auth object - $a - can be created with *any*
parameters. It could even be:
$a = new Auth("DB");
And the check works fine.
Do I take it that the Auth object only needs the correct container and
options set up when it runs the start() method? If the name/password come
back in as POSTED correctly then start() will create session variables.
And I take it that these session variables can then be checked by any old
invocation of Auth?
Thanks for any clarification,
Kevin
Navigation:
[Reply to this message]
|