I urgently need to ask the experts on login, session, cookie and authentication handling for a general peer review of a very short piece of code. The code works well, but I would like to have some comments from you experts.
http://bugzilla.wikimedia.org/show_bug.cgi?id=1360 (incl. a flowchart)
The following is a snippet from http://bugzilla.wikimedia.org/attachment.cgi?id=400&action=view
If loadfromsession() does not find credentials to log in via the session, it returns by calling Auth::initUser().
Auth::initUser() basically does:

    .... (compose a new user account entry based on authentication data) .....
    $user->saveSettings();
    $user->spreadBlock();
    if( !isset( $_COOKIE[ini_get('session.name')] ) ) $user->SetupSession();
    $user->setCookies();
    return $user;
My question:
============
Is the sequence of steps, especially the position of SetupSession(), correct?