[Israel.pm] CGI::Session
Shmuel Fomberg
semuelf at 012.net.il
Sat Mar 1 19:32:01 EET 2008
Hi Ido.
So what you are saying is that every user gets a session. Protected pages
check whether this session is authenticated, and if not redirect to the
login page.
The login page test the user name/password, and if pass add auth data to the
session, and redirect back.
That explains why CGI::Application::Plugin::Authentication dedicate two
special form parameters, (for the user name/password) and whenever they are
submitted it tries to verify the user. That way it does not need to know
which page is a login page, or maybe the login box is outside the dynamic
app.
OK. Thanks.
Shmuel.
>-----Original Message-----
>From: perl-bounces at perl.org.il [mailto:perl-bounces at perl.org.il] On Behalf
>Of ik
>Sent: Friday, February 29, 2008 11:26 AM
>To: Perl in Israel
>Subject: Re: [Israel.pm] CGI::Session
>
>Hello,
>
>The use of a session is to save data like in cookie, where the only
>difference is that it is stored on the server side rather then the
>client side (that only stores the identifier of the session as a
>cookie).
>
>So your authentication should look like so:
>
>if ($session['user'] ne '' and $session['authenticated'] eq 1)
>{
> user already authenticated
>}
>else
>{
> do a regular authentication process
>
> $session['user'] = $user;
> $sesson['authenticated'] = 1;
> ...
>}
>
>One very important rule for CGI::Sessions, you must flush the data
>before you finish your work or you will have strange errors and
>problems.
>
>Ido
>
>On Fri, Feb 29, 2008 at 11:11 AM, Shmuel Fomberg <semuelf at 012.net.il>
>wrote:
>> Hello All.
>>
>> I'm trying to write a new web site, and was reading about
>CGI::Application
>> and CGI::Session.
>> I understand how the CGI::Session use some storage (either file of a
>> simplified database table) to store session information, and a cookie to
>> connect the user to that session. But how do I authenticate the user?
>Where
>> in the loop I verify user name/password, and say 'I know this user, this
>is
>> his data', for the Session object to keep?
>>
>> Thanks,
>> Shmuel.
>>
>>
>> _______________________________________________
>> Perl mailing list
>> Perl at perl.org.il
>> http://perl.org.il/mailman/listinfo/perl
>>
>
>
>
>--
>http://ik.homelinux.org/
>_______________________________________________
>Perl mailing list
>Perl at perl.org.il
>http://perl.org.il/mailman/listinfo/perl
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.516 / Virus Database: 269.21.1/1303 - Release Date: 28/02/2008
>12:14
More information about the Perl
mailing list