[eluser]n0xie[/eluser]
[quote author="Huji" date="1244765655"] Then if authentication was successful, I would have to redirect to /private/ and this redirect thing is what I want to avoid.
[/quote]
Why?
[quote author="Huji" date="1244765655"]
You can't maintain the posted data in a redirect easily, so I don't want a redirect to take place.
[/quote]
What POST data would you want to maintain? The only POST data is the username/pw combo. If the user is logged in successfully, there is no need for this POST data any more. If the username/pw was incorrect, you would handle that in the '/login' controller, which does have access to the POST data (so you can repopulate the form just like you want). The decoupling of the login credentials concern from the rest of your website is a good thing. If you ever decide to change the way people log in, you'd have to go over ALL your controllers to change the code. This way you only have to worry about 1 controller. Let's say you want to add OpenID support. You just add it as a method to your login controller and you're done.
I don't really understand what the problem is; maybe you can explain it more clearly, since to me it sounds like you have problems that aren't really problems.