AuthCookie login ?

[Fran Fabrizio <ff...@mmrd.com>]

Is there a hook in AuthCookie to allow me to run some code only right 
after successful login?  The model doesn't seem to allow for this.  The 
way it seems to work is you attempt to log in, if it doesn't find a 
valid cookie, it displays the login form again.  You submit that and it 
sets the cookie without authenticating the login, then issues a redirect 
to the page the user was originally trying to go to.  When the browser 
comes back via the redirect, the cookie is already present, and only 
then does AuthCookie attempt to authenticate the cookie.

Since the authentication happens on every trip into the server, and I 
don't want to run my code (to set up an Apache::Session for the user's 
session data) until I'm sure I have a valid user on my hands, I can't 
see a way to do the session setup only the first time after a sucessful 
login.  It would seem wasteful to check for the presence of the 
Apache::Session object every trip to the server just to determine if 
this is the first request or not.  Is there a hook or a flag with that 
same functionality?

Thanks,
Fran

Re: AuthCookie login ?

[Fran Fabrizio <ff...@mmrd.com>]

> Yes, do it in authen_cred() after you have checked the credentials, but before
> returning the username.  authen_cred() is only called when you submit the login
> form.

Yes, this is what I ended up doing and it worked out perfectly.  I was 
using AuthCookieDBI and so I've been cheating and editing that module 
directly but I eventually will spin my own when I get more time.

It works very nicely now and I've tied the Apache::Session creation and 
destruction to AuthCookie logins and logouts, and I'm using the username 
as my Apache::Session key.  All very clean now.  Thanks for the help!

-Fran

Re: AuthCookie login ?

[Michael Schout <ms...@gkg.net>]

On Fri, 5 Apr 2002, Geoffrey Young wrote:

> > Since the authentication happens on every trip into the server, and I
> > don't want to run my code (to set up an Apache::Session for the user's
> > session data) until I'm sure I have a valid user on my hands, I can't
> > see a way to do the session setup only the first time after a sucessful
> > login.
>
> can't you do this in authen_cred()?  IIRC authen_cred is only called when no
> cookie is found, which means you have a first time visit (or an unsuccessful

Yes, do it in authen_cred() after you have checked the credentials, but before
returning the username.  authen_cred() is only called when you submit the login
form.

Regards,
Michael Schout (AuthCookie maintainer).

Re: AuthCookie login ?

[Geoffrey Young <ge...@modperlcookbook.org>]

> Since the authentication happens on every trip into the server, and I
> don't want to run my code (to set up an Apache::Session for the user's
> session data) until I'm sure I have a valid user on my hands, I can't
> see a way to do the session setup only the first time after a sucessful
> login.  

can't you do this in authen_cred()?  IIRC authen_cred is only called when no cookie is
found, which means you have a first time visit (or an unsuccessful attempt).  you have
control here to execute code only when a valid user is found, since it's up to you to
determine if the user is valid.  authen_ses_key() then checks whether the cookie itself
(containing the session key) is valid.

at least this is how I remember it working - it's been a while since I've worked with
AuthCookie.

--Geoff