On Wednesday, October 22, 2003, at 04:39 AM, Mark H wrote:
what you describe here is (at least by me) preceived as 'application
controller' logic and not as 'validation'
I still see it as validation, instead of validating against static values
you are validating against a set of values in a database.
I disagree -- it's not a matter of "static values" vs. "values in a database".
What you are talking about is "validating" a user, right? Woody -- OTOH -- is about "form validation", i.e. rejecting form submissions that are incomplete or with values that are not well-formed according to some rules.
If I try to log in to your system as an invalid user, that does't make it an invalid form submission. Presumably the form submission is perfectly valid if its data has made it to your user authentication module.
If you want to interpret "validation" (on the basis of some API) as meaning nothing more specific than, "if something bad, try again; if I like, then keep going", then logically why not load any and all processing of form-driven requests into "form validation"? If the action succeeded, move on, otherwise invoke setValidationError()?
Session-wide user authentication has side-effects, while form validation is not expected to have side-effects, etc.
My advice would be, don't let a hangup over the word "validation" suck you into trying to abuse a form validator for something other than form validation.
my $.02 worth,
~ml
