db_prefix setting: change from assocdb_table

[cgi-auth-flexible.git] / DESIGN

diff --git a/DESIGN b/DESIGN
index 33ea59251590030bb634021edb4cb0bcf0922955..3a172c7ced94dcb91e647d9df1e4b2c6ce103f61 100644 (file)
--- a/DESIGN
+++ b/DESIGN
@@ -40,3 +40,47 @@ app needs to check for logout button submission
   delete this login
     which mostly does what check does and then also deletes the
     assoc and the cookie
   delete this login
     which mostly does what check does and then also deletes the
     assoc and the cookie

+
+
+
+----------------------------------------
+
+DECISONS
+clearing cookies does log out?
+no persistent cookie?
+allow read-only post/get distinction?
+
+does not support persistent cookie, as that needs two db entries etc.
+ two cookies complicated api
+
+clearing cookies always logs out
+
+
+----------------------------------------
+
+app supplies
+
+ - func to tell whether it's a login form,
+      defaults to password form field
+ - func to check login details
+ - func to tell whether it's a logout form,
+      defaults to logout action form field list
+ - func to tell whether it's programmatic
+      defaults to always false, somewhat poor EH
+
+we supply
+
+ - thing to call right at the beginning,
+   tells app to divert to one of
+      just logged out page
+      cookies disabled page
+      stale form login form
+      login form
+      "session interrupted"
+      a redirect
+
+ - version of the above which deals with the request
+
+ - thing which app must call when mutating
+      (alternatively app must check that method is POST for mutates)
+      (alternatively.2 every GETs is decreed to produce a login form)