> I also > recently thought about extending this servlet by adding > another property > authType which is fed with the value of the > HttpServletRequest.getAuthType() method. you would extend SessionInfoProvider? +1, authType is session related and, as you mentioned, more stable than '"anonymous" != Sling.getSessionInfo.userID' Also, I could use it right now in the jQuery JCR Explorer ;-)
> -----Original Message----- > From: Felix Meschberger [mailto:[email protected]] > Sent: Monday, August 30, 2010 2:29 PM > To: [email protected] > Subject: Re: Howto determine whether the user is > authenticated/logged in > > > Hi, > > On 30.08.2010 14:05, Clemens Wyss - MySign AG wrote: > > what is the appropriate way to determine whether a user is > authenticated/logged in? Anything more explicit than > > !request.resourceResolver.getUserID().equals("anonymous") > > ? > > On the server side, the correct thing is to check the value of the > HttpServletRequest.getAuthType() method. If this method returns null, > the request is not authenticated. > > Checking for the "anonymous" user id is not stable for two reasons: A > user may have authenticated as the "anonymous" user or the > user used for > unauthenticated request is not necessairily called "anonymous". > > > > > How about on the client side (javascript)? Anything else than > > "anonymous" != Sling.getSessionInfo.userID > > ? > > The client currently is a problem, because the Sling session > information > servlet is incomplete and does not have this information. I also > recently thought about extending this servlet by adding > another property > authType which is fed with the value of the > HttpServletRequest.getAuthType() method. > > WDYT ? > > Regards > Felix >
