Can somebody clarify couple of questions?

Supercharged vkusnaya at gmail.com
Mon Mar 12 20:44:09 PST 2007 

Thanks for support Josh and Sam.

Actually, the only thing I had problems about is that I was trying to
check authentication each time page loads (after user have
successfully logged in).

> check_authentication is only supposed to return success *one* time for
> a given request. As per the other response to this post, you should
> use a session to track the logged in user.

So, while browsing my site, if user goes to verification server and
removes my site from allowed list - he will be still logged in,
because there's no check? Haven't tried to do that on other web-site
though.

I'll give your (JanRain's) library one more try, and try to formulate
all my concerns about it. I do have docs.


On 3/12/07, Josh Hoyt <josh at janrain.com> wrote:
> On 3/11/07, Supercharged <vkusnaya at gmail.com> wrote:
> > I'm using Simple OpenID library, because I could not get JanRain's
> > library to work. Too big and not much documented.
>
> Can you give us (JanRain) some feedback on how we could make the
> library easier for you to use? The reason the library is large is that
> we have tried to make it work in many different environments (e.g.
> MySQL, PostgreSQL, SQLite, filesystem-only, Windows, Linux, PHP
> versions 4.3 all the way to 5.1) and to be able to handle all the
> different cases of the OpenID protocol.
>
> Also, did you find the documentation at openidenabled.com?
> <http://www.openidenabled.com/resources/docs/openid/php/1.2.1/>
>
> We have tried to make sure that we documented the entire public API.
> Is there something specific that is missing?
>
> I don't know about the "simple" openid library. Where can I find it?
>
> > So, what I can do
> > now is make an URL for redirection to verification server, and when
> > user allows authentication and returns back to my site, I'm doing
> > 'check_authentication' with absolutely all parameters same, as I just
> > received from server. And it goes okay, I mean it returns valid. Then,
> > for example, user is browsing thru my pages and I need to check for
> > authentication one more time. I'm doing this again with the same
> > parameters, but it return false.
>

>
> > What is wrong in my logic? I've read all specs lots of times already,
> > but cannot find an answer.
>
> What spec have you been reading?
>
> Josh
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev
>

More information about the Dev mailing list