I'd once again suggest loadByUserId(). In the past, I know we discussed terms like loadByPrincipal() (a term popular in Spring). The comment earlier that the cookie-only remember-me implementation uses the username as the identifier revived the problem for me.
I think across the majority of projects, usernames may never change. But across an even greater majority, user ID's never change. Afaik, Spring uses a two-query process for logging in. It resolves the user's login identifier (be it a username or email) to his principal (ID). The user record is then loaded by that ID to obtain the credentials (e.g. hashed password, salt) for password comparison. That system seems far more robust for handling any given probject, and I don't feel it'd add significant complexity to the developer (vs. its benefits in flexibility and separating concerns). On Thu, Apr 21, 2011 at 9:02 AM, Lukas Kahwe Smith <[email protected]>wrote: > > On 20.04.2011, at 11:21, Jordi Boggiano wrote: > > > On 20.04.2011 10:50, Matthias Nothhaft wrote: > >> - "loadByUsername()": Is this really intended to load a user by > >> username? Or can username also be the ID ? Loading users by username > >> will make the system instable if users have the possibility to change > >> their usernames. > > > > As far as I know, username can be anything, and I can't believe that we > > still didn't fix this naming issue. It's been discussed many times, a > > really clear and appropriate term could not be found, but what's sure is > > that username is confusing. > > > I guess we all agree that loadByUsername() is confusing. Its just that > whenever we discussed changing it no alternative got a clear majority and so > it was dropped. Therefore I would say Johannes just rename it to anything > else, your call. It will be better than what we have now :) > > regards, > Lukas Kahwe Smith > [email protected] > > > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- jeremy mikola -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
