Don't allow clients who are already authenticated to a session to join the session as a new user.

mojotech / modernator-haskell

An API server for hosting Reddit AMA style Q&A sessions.

GNU General Public License v3.0

4 stars 0 forks source link

Don't allow clients who are already authenticated to a session to join the session as a new user. #19

Open RocketPuppy opened 8 years ago

RocketPuppy commented 8 years ago

If the client has already authenticated as a Questioner or Answerer on a session, don't allow them to re-join the session as a new user. This effectively means checking for the presence of the authentication cookies when joining a session.

Allowing this behavior means clients must explicitly join a session as an unauthenticated user.

See #18 for the opposite functionality.

RocketPuppy commented 7 years ago

I looked into this, but I'm not sure it's really desired. At the minimum, it shouldn't be handled by the server.