[RFC] user_logout hook

[Jhong]

I imagine this one is 'obvious'.. but for completeness....

Name: hook_user_logout
Rationale: To log out from third-party modules or to perform additional cleanup actions on logout
Placement: After phpBB logout has succeeded, in ucp.php
Input arguments: The user ID of the user that was just logged out.
Output arguments: void; any remaining actions should proceed regardless of the return value of the hook

[nickvergessen]

Same for login I guess.

[DavidIQ]

Then maybe the hook should be hook_user_authentication so it can be used for either?

[Jhong]

I think the login hook might proceed conceptually quite differently -- the hook might want to return true or false to enable / disable the login, or even override the user ID parameter.

However, for security reasons, a logout should probably always succeed and not be overridable. (Don't you need to have some certainty that a logout succeeds?)

I would have an additional hook for authentication (or perhaps a hook for each authentication method -- e.g. hook_authenticate_db, hook_authenticate_ldap).

logging in should come after authentication IMO, so the flow would be:

- Authentication takes place: authentication hooks can override
- If authentication is successful (as reported by all hooks), then log the user in -- call the login hook
- Establish the session and set cookies, etc. (and call additional hooks as needed -- e.g. a set cookie hook...)

I know I use the equivalent hooks in WordPress quite extensively.

Logout on the other hand needn't have all these steps -- hook_user_logout and hook_user_end_session or similar would probably be enough.

[igorw]

Please create a separate topic for login.