In CakePHP it is really easy to force users to login before executing actions. I inserted this functionality today and I’m very happy that it is so flawless.

The class app_controller.php has a function now that checks the current session. The function is used in important actions to functions to protect the content from unregistered users. This content is the user list or the “add recipe” functionality. I consider actions that change content or reveal too much information as important and try to protect them.

The mechanism used to redirect a user to the login has a nice feature now: it allows the redirect target to be specified when checking the session information. So, after login the user will be redirected to the proper page again and continues it’s journey without being interrupted. I think this is important for the usability and the experience of Crisoft. I try to figure out how to manage those things with PHP and CakePHP, and maybe I find a new way to solve this in a few weeks. Until then, you can go check out the files in the CVS and maybe you have some comments and feedback on it. I’ll be happy to hear about your opinion!