Hi,

On 30.08.2010 14:05, Clemens Wyss - MySign AG wrote:
> what is the appropriate way to determine whether a user is
> authenticated/logged in? Anything more explicit than
> !request.resourceResolver.getUserID().equals("anonymous")
> ?

On the server side, the correct thing is to check the value of the HttpServletRequest.getAuthType() method. If this method returns null, the request is not authenticated.

Checking for the "anonymous" user id is not stable for two reasons: A user may have authenticated as the "anonymous" user or the user used for unauthenticated requests is not necessarily called "anonymous".

>
> How about on the client side (javascript)? Anything else than
> "anonymous" != Sling.getSessionInfo.userID
> ?

The client currently is a problem, because the Sling session information servlet is incomplete and does not have this information. I also recently thought about extending this servlet by adding another property authType which is fed with the value of the HttpServletRequest.getAuthType() method.

WDYT ?

Regards
Felix
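
The two failure cases named in the reply above, as an added example that is not part of the original message or of Sling's code. It assumes the javax.servlet API is on the classpath; the class name, helper names, stub request and sample user IDs are constructed for illustration.

```java
import java.lang.reflect.Proxy;
import javax.servlet.http.HttpServletRequest;

public class AuthCheckDemo {

    // Brittle check from the question: compares the user ID to a fixed name.
    static boolean looksAuthenticatedByName(String userId) {
        return !"anonymous".equals(userId);
    }

    // Check from the reply: a null auth type means the request is not authenticated.
    static boolean isAuthenticated(HttpServletRequest request) {
        return request.getAuthType() != null;
    }

    // Constructed stub: answers getAuthType() only; every other method returns null.
    static HttpServletRequest stubRequest(String authType) {
        return (HttpServletRequest) Proxy.newProxyInstance(
            HttpServletRequest.class.getClassLoader(),
            new Class<?>[] { HttpServletRequest.class },
            (proxy, method, args) ->
                "getAuthType".equals(method.getName()) ? authType : null);
    }

    public static void main(String[] argv) {
        // Constructed cases: { auth type of the request, resolved user ID }
        String[][] cases = {
            { null, "anonymous" },                       // unauthenticated, guest named "anonymous"
            { HttpServletRequest.FORM_AUTH, "alice" },   // ordinary authenticated user
            { HttpServletRequest.FORM_AUTH, "anonymous" }, // user authenticated as "anonymous"
            { null, "guest" },                           // unauthenticated, guest named differently
        };
        System.out.printf("%-6s %-10s %-11s %s%n",
            "auth", "userID", "name-check", "authType-check");
        for (String[] c : cases) {
            System.out.printf("%-6s %-10s %-11b %b%n",
                c[0], c[1],
                looksAuthenticatedByName(c[1]),
                isAuthenticated(stubRequest(c[0])));
        }
    }
}
```

The two checks agree on the first two rows and disagree on the last two, which are the two reasons given in the reply.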