AscendingCreations / AxumSessionAuth

Library to Provide a User Authentication and privilege Token Checks.
MIT License

How is `isAuthenticated` supposed to be used? #21

Closed smessmer closed 11 months ago

smessmer commented 11 months ago

The examples all just return `id != anonymous` from `isAuthenticated`. But I assume `isAuthenticated` is meant to allow for a scenario where we know who a user is but they're currently not logged in? How would that be represented?

If I understand the implementation correctly, then the user object is not persisted in the session, only the user id is, so adding a bool field to the user object won't actually do anything. So how am I supposed to use this? Or did I misunderstand what isAuthenticated is for?

smessmer commented 11 months ago

Oh, I think I just realized that, while the example stores the user id in the session, I can actually store any serializable struct. So I could store something that contains a user id and an `isAuthenticated: bool`. Is that the answer?

genusistimelord commented 11 months ago

`is_anonymous` generally is whether they are a guest or not.

`is_authenticated` is whether they are a logged-in user and have the rights to do activities. So in this case true means they can do stuff. To get to true you can either check if they are a guest or not AND/OR if maybe their email address or something was authenticated, which allows them full access. In the easiest of use cases we just check this against whether they are a guest or not.

`is_active` is there to tell if you want to keep track of whether they have been active in a certain time frame or not.
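
The three checks described in this comment, as an added example that is not part of the thread or the project's own code. The `AuthState` trait, `load_user`, the guest id, the `email_verified` field and the 15-minute window are assumptions made for illustration; only the user id is treated as session state and the flags are derived from the stored record on each load.

```rust
use std::collections::HashMap;
use std::time::{Duration, SystemTime};

// Hypothetical stand-in for the three checks named in the thread; not the crate's trait.
trait AuthState {
    fn is_anonymous(&self) -> bool;
    fn is_authenticated(&self) -> bool;
    fn is_active(&self) -> bool;
}

const GUEST_ID: i64 = 1; // assumed id reserved for the guest account
const ACTIVE_WINDOW: Duration = Duration::from_secs(15 * 60); // assumed window

#[derive(Clone)]
struct User { id: i64, email_verified: bool, last_seen: SystemTime }

impl AuthState for User {
    // Guest or not.
    fn is_anonymous(&self) -> bool { self.id == GUEST_ID }
    // Not a guest AND email verified: only then may the user act.
    fn is_authenticated(&self) -> bool { !self.is_anonymous() && self.email_verified }
    // Seen within the tracking window; a timestamp in the future counts as inactive.
    fn is_active(&self) -> bool {
        self.last_seen.elapsed().map(|d| d <= ACTIVE_WINDOW).unwrap_or(false)
    }
}

// Only the id lives in the session; the record is re-read on every request,
// so the flags reflect stored state. Unknown ids fail closed to the guest user.
fn load_user(store: &HashMap<i64, User>, session_user_id: i64) -> User {
    let guest = User { id: GUEST_ID, email_verified: false, last_seen: SystemTime::now() };
    store.get(&session_user_id).cloned().unwrap_or(guest)
}

// Constructed sample data: one verified user, one unverified and long idle.
fn sample_store() -> HashMap<i64, User> {
    let now = SystemTime::now();
    HashMap::from([
        (2, User { id: 2, email_verified: true, last_seen: now }),
        (3, User { id: 3, email_verified: false, last_seen: now - Duration::from_secs(3600) }),
    ])
}

fn main() {
    let store = sample_store();
    for id in [2, 3, 99] {
        let u = load_user(&store, id);
        println!("{id}: anon={} auth={} active={}", u.is_anonymous(), u.is_authenticated(), u.is_active());
    }
}
```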

smessmer commented 11 months ago

Oh ok so I did misunderstand it. Thanks.