PerlDancer / Dancer2-Plugin-Auth-Extensible

Extensible authentication framework for Dancer2 apps

logged_in_user sub stores user_hash in the request object #89

Open cheremushki opened 5 years ago

cheremushki commented 5 years ago

Because the user hash is stored in the request object, one doesn't benefit from storing the hash at all, i.e. the sub never returns on L598.

We use the LDAP auth backend and I see an LDAP lookup for every page load, irrespective of whether the user has already authenticated.

Correct me if I'm wrong but wouldn't it be better to store the user hash in a session object?

https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible/blob/master/lib/Dancer2/Plugin/Auth/Extensible.pm#L597

abeverley commented 5 years ago

I've only looked at this very quickly, but from what I can tell the idea is that multiple calls to logged_in_user are cached per-request. The problem with storing it in the session is that the hash will never be updated during a session. E.g. if the hash contains the user's name, and the user updates their name in their settings, they would expect to see their name updated on the webpage. That applies to anything stored in the hash of course - it could be something retrieved from the database that needs to be fresh for each request.

I can see why you wouldn't want to do this for something like an LDAP lookup though. Maybe a new configuration option is needed?
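The trade-off discussed in this thread, modelled as an added example that is not code from Dancer2::Plugin::Auth::Extensible: a per-request cache (one backend lookup per page load, always fresh) against a session cache with a maximum age (far fewer lookups, but a changed directory entry stays invisible until the cached copy expires). The script is plain Perl with no Dancer2 dependency; `$request` and `$session` are plain hashrefs standing in for the framework's request and session objects, `ldap_get_user` is a constructed stand-in for the LDAP backend, and the `$max_age` setting is the hypothetical configuration option floated above, not an existing plugin setting.

```perl
#!/usr/bin/env perl
# Added illustration (not part of Dancer2::Plugin::Auth::Extensible): models the
# two caching strategies discussed in the issue with a fake LDAP backend so the
# number of backend lookups can be counted.
use strict;
use warnings;

# Constructed stand-in for an LDAP directory; counts how often it is queried.
my $ldap_lookups = 0;
my %directory = ( alice => { name => 'Alice A.', mail => 'alice@example.com' } );
sub ldap_get_user {
    my ($username) = @_;
    $ldap_lookups++;
    # Return a copy, as a real backend would return a fresh structure each time.
    return $directory{$username} ? { %{ $directory{$username} } } : undef;
}

# Strategy 1: per-request cache. Repeated calls within one request reuse the
# hash; every new request object starts empty, so each page load queries LDAP.
sub logged_in_user_per_request {
    my ($request, $session) = @_;
    my $username = $session->{logged_in_user} or return undef;
    return $request->{_user_hash} //= ldap_get_user($username);
}

# Strategy 2: session cache with a maximum age in seconds (hypothetical option).
# The hash survives across requests until it is older than $max_age.
sub logged_in_user_session_cached {
    my ($session, $max_age, $now) = @_;
    my $username = $session->{logged_in_user} or return undef;
    my $cached = $session->{_user_hash};
    if (!$cached || $now - $session->{_user_hash_at} > $max_age) {
        $cached = ldap_get_user($username);
        $session->{_user_hash}    = $cached;
        $session->{_user_hash_at} = $now;
    }
    return $cached;
}

# Simulate three page loads, each calling logged_in_user twice (for example
# once in a before hook and once from the template).
my $session = { logged_in_user => 'alice' };

$ldap_lookups = 0;
for my $page (1 .. 3) {
    my $request = {};    # a fresh request object per page load
    logged_in_user_per_request($request, $session) for 1 .. 2;
}
printf "per-request cache: %d LDAP lookups for 3 page loads\n", $ldap_lookups;

$ldap_lookups = 0;
my $t = 1000;            # constructed clock value
for my $page (1 .. 3) {
    logged_in_user_session_cached($session, 300, $t + $page) for 1 .. 2;
}
printf "session cache (300s): %d LDAP lookups for 3 page loads\n", $ldap_lookups;

# Staleness: a name change in the directory is not visible until the cached
# copy ages out, which is the objection raised in the comment above.
$directory{alice}{name} = 'Alice B.';
my $stale = logged_in_user_session_cached($session, 300, $t + 10)->{name};
my $fresh = logged_in_user_session_cached($session, 300, $t + 1000)->{name};
print "within max age: $stale; after expiry: $fresh\n";
```

Running it shows three lookups for the per-request strategy against one for the session cache, and then `Alice A.` followed by `Alice B.` for the staleness check. A session-cached hash should also be dropped on logout or when the user's password or group membership changes, since anything authorisation-relevant stored in it would otherwise outlive the change for up to `$max_age` seconds.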