Posted to embperl@perl.apache.org by Gerald Richter - ECOS GmbH <ri...@ecos.de> on 2007/11/12 20:11:58 UTC
RE: Authentication & session handling
Hi,
I am not aware of a ready framework. The Embperl web sites (which you
can find as an example under eg/web in the Embperl distribution)
implement some of your ideas.
Gerald
------------------------------------------------------------------------
Gerald Richter ECOS electronic communication services GmbH
******************* SECURING YOUR NETWORK ********************
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de Fax: +49 6133 939-333
Sitz der Gesellschaft: Dienheim; AG Mainz HRB 6889
Geschäftsführer: Wolfgang Heck, Gerald Richter
------------------------------------------------------------------------
> -----Original Message-----
> From: Oskar Ahner [mailto:oskar@osz.nu]
> Sent: Thursday, October 18, 2007 10:24 AM
> To: embperl@perl.apache.org
> Subject: Authentication & session handling
>
> Hi!
>
> I wonder if there is an "out of the box" Embperl solution for
> the common login/authentication/session scenario:
>
> 1. User accesses the web area which is protected and requires
> authentication, i.e.
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 2. The user does not have a valid session cookie
> 3. User gets directed to login page
> https://greatapp.mycompany.com/login/login.epl
> 4. User successfully authenticates in the login form (to LDAP
> for instance, but that should be interchangeable)
> 5. Then an internal redirect is done to the original uri:
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 6. User is in!
> 7. Every time the user accesses a protected document, the
> timestamp is updated for the session cookie in database.
> 8. If user drinks coffee for 20 minutes and comes back to her
> protected area and does a refresh or something, she will be
> redirected to the login page.
> 9. If the authentication is successful, the user will be
> redirected to the original requested uri. (this means that
> the uri must be saved between requests in some way)
> 10. Etc ...
>
> And so long as the cookie is valid the user has free access to
> the whole restricted area. But when the cookie expires due to
> inactivity, then the user again is redirected to the login page.
>
> I have done this solution for my Embperl application but have
> implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
> So the question is, is there a ready framework for doing all
> this in Embperl instead?
>
> /Oskar
>
>
>
> --
> Oskar Ahner
> OSZ Open Systems
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
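
The session steps listed in the quoted question (per-request timestamp update, 20-minute idle expiry, and returning to the originally requested URI after login), as an added example that is not part of either post and is not Embperl's or the eg/web site's code. The in-memory %sessions store, the function names check_session and safe_return_uri, the /protected/ prefix check and the sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

use constant IDLE_LIMIT => 20 * 60;    # step 8: 20 minutes of inactivity

# Hypothetical in-memory stand-in for the session table (the "database" in step 7).
my %sessions;    # session id => { user => ..., last_seen => epoch seconds }

# Steps 2, 7, 8: return the user for a live session and slide its timestamp,
# or delete the record and return undef once the idle limit has passed.
sub check_session {
    my ($sid, $now) = @_;
    my $s = defined $sid ? $sessions{$sid} : undef;
    return unless $s;
    if ($now - $s->{last_seen} > IDLE_LIMIT) {
        delete $sessions{$sid};        # an expired id must not be revivable
        return;
    }
    $s->{last_seen} = $now;
    return $s->{user};
}

# Steps 5 and 9: the saved URI travels through the browser, so accept only a
# local path under the protected area and fall back to a default otherwise.
# Assumes the value has already been URL-decoded by the caller.
sub safe_return_uri {
    my ($uri) = @_;
    my $default = '/protected/';
    return $default unless defined $uri;
    return $default if $uri =~ m{[\r\n\\]} || $uri =~ m{(?:\A|/)\.\.(?:/|\z)};
    return $uri =~ m{\A/protected/\S*\z} ? $uri : $default;
}

# Constructed sample data, not taken from the thread.
my $t0 = 1_000_000;
$sessions{abc123} = { user => 'alice', last_seen => $t0 };

for my $offset (600, 1801, 3000) {     # active, idle for 1201 s, already expired
    my $user = check_session('abc123', $t0 + $offset);
    printf "t+%-5d %s\n", $offset, defined $user ? "ok ($user)" : 'redirect to login';
}

for my $uri ('/protected/greate/stuff.epl', 'https://example.invalid/x',
             '//example.invalid/x', '/protected/../login/login.epl') {
    printf "%-32s -> %s\n", $uri, safe_return_uri($uri);
}
```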