Posted to embperl@perl.apache.org by Gerald Richter - ECOS GmbH <ri...@ecos.de> on 2007/11/12 20:11:58 UTC

RE: Authentication & session handling

Hi,

I am not aware of a ready framework. The Embperl web sites (which you 
can find as an example under eg/web in the Embperl distribution) 
implement some of your ideas.

Gerald

------------------------------------------------------------------------
Gerald Richter       ECOS electronic communication services GmbH
*******************  SECURING YOUR NETWORK  ********************

Post:       Tulpenstrasse 5            D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de            Voice:   +49 6133 939-122
WWW:        http://www.ecos.de         Fax:     +49 6133 939-333

Registered office: Dienheim; AG Mainz HRB 6889
Managing directors: Wolfgang Heck, Gerald Richter
------------------------------------------------------------------------
 
  

> -----Original Message-----
> From: Oskar Ahner [mailto:oskar@osz.nu] 
> Sent: Thursday, October 18, 2007 10:24 AM
> To: embperl@perl.apache.org
> Subject: Authentication & session handling
> 
> Hi!
> 
> I wonder if there is an "out of the box" Embperl solution for 
> the common login/authentication/session scenario:
> 
> 1. User accesses the web area which is protected and requires 
>    authentication, i.e.
>    https://greatapp.mycompany.com/protected/greate/stuff.epl
> 2. The user does not have a valid session cookie
> 3. User gets directed to login page
>    https://greatapp.mycompany.com/login/login.epl
> 4. User successfully authenticates in the login form (to LDAP 
>    for instance, but that should be interchangeable)
> 5. Then an internal redirect is done to the original uri:
>    https://greatapp.mycompany.com/protected/greate/stuff.epl
> 6. User is in!
> 7. Every time the user accesses a protected document, the 
>    timestamp is updated for the session cookie in database.
> 8. If user drinks coffee for 20 minutes and comes back to her 
>    protected area and does a refresh or something, she will be 
>    redirected to the login page.
> 9. If the authentication is successful, the user will be 
>    redirected to the original requested uri. (this means that 
>    the uri must be saved between requests in some way)
> 10. Etc ...
> 
> And as long as the cookie is valid the user has free access to 
> the whole restricted area. But when the cookie expires due to 
> inactivity, then the user again is redirected to the login page.
> 
> I have done this solution for my Embperl application but have 
> implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
> So the question is, is there a ready framework for doing all 
> this in Embperl instead?
> 
> /Oskar
> 
>   
> 
> --
> Oskar Ahner
> OSZ Open Systems 

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
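
The flow from the quoted question (idle timeout, timestamp refresh, return to the originally requested uri), as an added example that is not part of either message and is not code from the Embperl distribution. The function names are hypothetical, an in-memory hash stands in for the session table, the credential check is left out, and `/dev/urandom` is assumed to be available; the paths come from the URLs in the question.

```perl
use strict;
use warnings;

my $IDLE_LIMIT = 20 * 60;             # 20 minutes of inactivity (step 8)
my $LOGIN_URI  = '/login/login.epl';
my %sessions;                         # assumption: stands in for the database table

# Unpredictable 128-bit session id, hex encoded.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $buf = '';
    read($fh, $buf, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# The saved uri is request data: accept only a local path under /protected/,
# so the post-login redirect cannot leave the site.
sub safe_return_uri {
    my ($uri) = @_;
    return (defined $uri && $uri =~ m{\A/protected/\S*\z}) ? $uri : '/protected/';
}

# Steps 1-3 and 7-8: gate a request for a protected document.
sub check_access {
    my ($sid, $uri, $now) = @_;
    my $s = defined $sid ? $sessions{$sid} : undef;
    if ($s && $now - $s->{last_seen} <= $IDLE_LIMIT) {
        $s->{last_seen} = $now;                 # step 7: refresh the timestamp
        return { allow => 1, user => $s->{user} };
    }
    delete $sessions{$sid} if defined $sid;     # expired or unknown id: drop it
    return { allow => 0, redirect => $LOGIN_URI, return_to => safe_return_uri($uri) };
}

# Steps 4-5 and 9: call only after the credential check succeeded. A fresh id
# is issued at login; send it as a Secure, HttpOnly cookie.
sub login_ok {
    my ($user, $return_to, $now) = @_;
    my $sid = new_session_id();
    $sessions{$sid} = { user => $user, last_seen => $now };
    return { sid => $sid, redirect => safe_return_uri($return_to) };
}

# Constructed walk-through of the scenario.
my ($t0, $uri) = (time, '/protected/greate/stuff.epl');
my $r = check_access(undef, $uri, $t0);
print "no cookie      -> $r->{redirect} (return_to=$r->{return_to})\n";
my $l = login_ok('oskar', $r->{return_to}, $t0);
print "after login    -> $l->{redirect}\n";
print "5 min later    -> allow=", check_access($l->{sid}, $uri, $t0 + 300)->{allow}, "\n";
print "25 min idle    -> allow=", check_access($l->{sid}, $uri, $t0 + 1800)->{allow}, "\n";
print "foreign target -> ", safe_return_uri('//other.example/x'), "\n";
```

The timeout is enforced against the server-side timestamp, so a cookie that the browser keeps past the idle limit is still rejected.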