Topic: All-in-one login form

Assume a simple login form with these elements:
- Username
- Password
- Login/Logout button/link
- Forgot password button/link

I am using RESTful authentication plugin, which has User and Session resources. Thus, all user-related things (create, activate, edit details, ...) should go to UserController and session-related things (login/logout and such) should go to SessionController.

Now, as mentioned I have a form with two submit buttons - 1) login/logout and 2) forgot password.  W3C says FORM has one action and cannot be nested, thus I cannot do normal submit to two different controllers. I could do redirect_to, but takes twice as long (annoying). I don't want JavaScript-dependent solutions. The idea is to have one self-contained login form that can eventually become a part of other pages (partial?), but which will not interfere with them (i.e. the other parts should not rely on its behavior, except getting the right authentication and authorization data). The thing is - I would not like it to redirect to "forgot password" page since the username field is already present and that is the only data field that page would contain (DRY violation, $500 and 10 days in prison).

The only normal solution I could think of is to make a controller that will behave as the facade in front of UserController and SessionController - UserSessionController? However, I could not find a good way to do this. Few questions:
- What do you think of the design choices from above?
- Is there anything wrong or is there something that could be done better or in another way?
- Do you think the above is too complicated? (KISS violation, same penalty)
- Are there other sites working in this fashion? Don't have to be Rails.
- Any other thoughts?

Re: All-in-one login form

Personally, I think it may be best to go with another "forgot password" page.  It may be a little overkill to try to condense the login and forgot password forms into one.  It also seems to be a convention that most sites use, so users may be a little confused if it doesn't operate the normal way.  However, if you really want to use a single form, I believe there have been some articles in the forum here about forms with multiple submits (can't recall them off the top of my head; just search the forum).  I'm not sure about the validity of using multiple submits in a single form, but search around and I'm sure you'll find something.  Sorry this isn't a solution to your problem, but hope you can find your answer on the forum!

Re: All-in-one login form

The other solution would be to use javascript to copy the username to the forgot_password form before submitting the request. It would be simpler than creating another form and managing it.