Question

So I have a User Model and Users Store. When a user authenticates, how is it advisable to best manage the lifecycle of this authenticated user? My current approach is:

1. I have a store of all users ("UsersStore") with a model for "User"
2. I have a second store for the authenticated users ("AuthenticatedUsersStore") with model for "AuthenticatedUser"
3. They both have separate REST endpoints.

This seems like a messy approach, but it's easier for me to keep the authenticated user and other users separate and query them separately etc. But I'm pretty sure there's a more elegant way to handle this with only one model and one store.

Can someone please point me in the right direction? Any help is much appreciated! Thanks!

Solution

The user authentication model I normally implement on an application is that the current user of the application has no identity until they have successfully provided credentials to a back-end. This is typically done through a login form (e-mail/password.)

When the server responds with success, it sets its own authentication information in a cookie, and typically also returns information about the user that the application requires. This information is then what I put into a model and/or store. Depending on if I implemented the backend or someone else, I either manually populate the model/store or it happens automatically.

I don't see what purpose it serves you to maintain a store of un-authenticated users on either the client or server. The best you can do as far as identification is IP address and some combination of HTTP headers, which can lead to all types of errors given how proxies work.

That being said, if it serves some purpose for you to do the work to attempt to maintain a user identity for someone who is un-authenticated, I think your two store/model approach is actually correct. An authenticated and un-authenticated user are two very different things. They could inherit from the same base class model, but that is as far as I would go.
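
The login flow described in the answer, as an added example that is not part of the original answer: the server keeps the session identifier in an `HttpOnly` cookie and returns only profile data, and the client store has no identity until a login succeeds. The names `handleLogin`, `CurrentUserStore`, the `sid` cookie and the sample user are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample user table (server side); the password is kept as a scrypt hash.
const salt = crypto.randomBytes(16);
const USERS = new Map([['alice@example.com', {
  id: 1, name: 'Alice', salt, hash: crypto.scryptSync('correct horse', salt, 32),
}]]);
const SESSIONS = new Map(); // session id -> user id, never sent in a response body

// Hypothetical login handler: returns the status, headers and JSON body of the reply.
function handleLogin({ email, password }) {
  const user = USERS.get(email);
  // Hash even for unknown e-mails so both failure paths do the same work.
  const candidate = crypto.scryptSync(String(password), user ? user.salt : salt, 32);
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) {
    return { status: 401, headers: {}, body: { success: false } };
  }
  const sid = crypto.randomBytes(32).toString('hex');
  SESSIONS.set(sid, user.id);
  return {
    status: 200,
    // HttpOnly keeps the session id out of reach of page script.
    headers: { 'Set-Cookie': `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/` },
    // Only the fields the application needs; no hash, salt or session id.
    body: { success: true, user: { id: user.id, name: user.name, email } },
  };
}

// Client side: one store for the current user, empty until the server says success.
class CurrentUserStore {
  constructor() { this.user = null; }
  get isAuthenticated() { return this.user !== null; }
  applyLoginResponse(res) {
    const ok = res.status === 200 && res.body.success === true;
    this.user = ok ? Object.freeze({ ...res.body.user }) : null;
    return this.isAuthenticated;
  }
  clear() { this.user = null; } // call on logout or on any 401 from the API
}
```

The store is display state only: every request is still authorized on the server from the cookie, so a tampered client-side user object grants nothing.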

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow