From 3b234a6944400ee7a068ccbdde56ccba07d3ace9 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 16 Mar 2012 21:40:50 -0600
Subject: [PATCH] ask a question in a code comment about the implementation of
 getSilentAssertion which we now use in the comm iframe for the event api
 implementation

---
 resources/static/shared/user.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/resources/static/shared/user.js b/resources/static/shared/user.js
index 5dfdf673d..61eff6f47 100644
--- a/resources/static/shared/user.js
+++ b/resources/static/shared/user.js
@@ -1051,6 +1051,14 @@ BrowserID.User = (function() {
      * @param {function} onFailure - called on XHR failure.
      */
     getSilentAssertion: function(siteSpecifiedEmail, onComplete, onFailure) {
+      // XXX: why do we need to check authentication status here explicitly.
+      //      why can't we fail later?  the problem with doing this is that
+      //      knowing correct present authentication status requires that we
+      //      talk to the server, because you can be logged in or logged out
+      //      in many different contexts (dialog, manage page, cookies expire).
+      //      so if we rely on localstorage only and check authentication status
+      //      only when we know a network request will be required, we very well
+      //      might have fewer race conditions and do fewer network requests.
       User.checkAuthentication(function(authenticated) {
         if (authenticated) {
           var loggedInEmail = storage.getLoggedIn(origin);
-- 
GitLab