SessionLoginThrottle and $session->login

[apeisa]

I did hit my head into wall for few hours because of this. I did build custom login and was getting very strange results (sometimes it worked just fine, other times not so nicely). Finally I did figure out the problem and it was SessionLoginThrottle. It is pretty hard one to find out, since $session->login($username, $pass) returns just false, even if username and password are right (but SessionLoginThrottle comes into play).

Not sure what is best way to handle this? Maybe just information on cheatsheet, that even though username and password are right, there might be other things that prevents login. Or then - should sessionLoginThrottle be activated by default only on main admin login and let custom logins use it if they want?

[ryan]

I see what you mean. Sorry for the confusion this may have caused. I will think more here about how to handle this. I don't want it interfering with API usage such as yours, but do want it to be able to still work with any login form (whether ProcessLogin or a custom one). Initially I'm thinking maybe I should just have it throw an Exception rather than a $this->error(). Errors communicated via $this->error() require something to report them (like the admin template), so this could be hard to find in API usage. Whereas an Exception would be hard to miss. Beyond this, I think a way to disable SessionLoginThrottle at runtime would be worthwhile for a case like this too.