tags:

views:

25

answers:

2

I've searched around and found that when implementing an authentication module in MVC architecture some people opt to place the login related actions in the User controller while others place it in a controller dedicated to authentication only.

In pseudo-java-like code:

class UserController extends Controller {

    public login() {
        //...
    }
}

Accessed with http://mydomain.com/user/login.

vs.

class AuthController extends Controller {

    public login() {
        //...
    }
}

Accessed with http://mydomain.com/auth/login.

I would like to know which approach is better, and why. That is, if there's really any difference at all.

Thanks in advance.

+1  A: 

I prefer the first approach, with the simple reasoning that the authentication is an action pertaining to the user. And in general, I prefer my controllers to reflect the real-life entities my logic deals.

Franci Penov
+1  A: 

IMO:

  • The stuff handling the actual login should be in a controller, like the UserController you suggested.
  • Persistent authentication (e.g. checking whether a user is logged in) could just be some functions in the UserModel, which you call from any controller.

Depending on the situation, you may want some kind of global function that redirects to the login page if the user is not logged in.

DisgruntledGoat