Hi,
On 30.08.2010 14:05, Clemens Wyss - MySign AG wrote:
> what is the appropriate way to determine whether a user is
> authenticated/logged in? Anything more explicit than
> !request.resourceResolver.getUserID().equals("anonymous")
> ?
On the server side, the correct thing is to check the value of the
HttpServletRequest.getAuthType() method. If this method returns null,
the request is not authenticated.
Checking for the "anonymous" user id is not stable for two reasons: A
user may have authenticated as the "anonymous" user or the user used for
unauthenticated request is not necessairily called "anonymous".
>
> How about on the client side (javascript)? Anything else than
> "anonymous" != Sling.getSessionInfo.userID
> ?
The client currently is a problem, because the Sling session information
servlet is incomplete and does not have this information. I also
recently thought about extending this servlet by adding another property
authType which is fed with the value of the
HttpServletRequest.getAuthType() method.
WDYT ?
Regards
Felix
