You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by jim booe <ji...@hotmail.com> on 2007/03/07 21:21:33 UTC

authcookie/session

Hi,

I've read through a lot of mailing list archives and the documentation for 
Apache2::AuthCookie and found that tying Apache2::AuthCookie with 
CGI::Session was exactly what I was looking for.

I'm running mp2/apache2...I've got things working, but I'd like to see if 
there's a better way.

In my AuthCookie sub class, I check my user credentials in authen_cred(). If 
I get a successful login, then I create a session with CGI::Session and 
return the generated session key.

sub authen_cred ($$\@) {
    my $self = shift;
    my $r = shift;
    my($username,$password) = @_;

    # Check user and create session if valid
    my $session = authenticate_user($username, $password);
    return $session;
}

sub authenticate_user {
    my($username,$password) = @_;

   # Check username/password in database
   # other code left out for clarity
   $s = CGI::Session->load() or die CGI::Session->errstr;
   # check that session was created here,
   # redirect to login if expired, $s->new if empty
   # if ok, return session id
  return $s->id();
}

In the various examples I've seen of AuthCookie (without 
Apache/CGI::Session), the session key is a ticket so you can tell if it's 
been tampered with or expired. Since I'm using CGI::Session to generate the 
key, I'm simply checking that the session key is valid in authen_ses_key() 
using the CGI::Session load($session_id) function:

my $s = CGI::Session->load($session) or die CGI::Session->errstr;

Which leads me to my second question - if I find that key is valid (in 
authen_ses_key), then I use pnotes to store a reference to my session, so I 
can access it later in a response handler - believe I saw mention of that 
and it seems to work, but verifying that's the best way.

Thanks all...
--
jb

_________________________________________________________________
With tax season right around the corner, make sure to follow these few 
simple tips. 
http://articles.moneycentral.msn.com/Taxes/PreparationTips/PreparationTips.aspx?icid=HMFebtagline