You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Fran Fabrizio <ff...@mmrd.com> on 2002/04/05 16:41:06 UTC
AuthCookie login ?
Is there a hook in AuthCookie to allow me to run some code only right
after successful login? The model doesn't seem to allow for this. The
way it seems to work is you attempt to log in, if it doesn't find a
valid cookie, it displays the login form again. You submit that and it
sets the cookie without authenticating the login, then issues a redirect
to the page the user was originally trying to go to. When the browser
comes back via the redirect, the cookie is already present, and only
then does AuthCookie attempt to authenticate the cookie.
Since the authentication happens on every trip into the server, and I
don't want to run my code (to set up an Apache::Session for the user's
session data) until I'm sure I have a valid user on my hands, I can't
see a way to do the session setup only the first time after a sucessful
login. It would seem wasteful to check for the presence of the
Apache::Session object every trip to the server just to determine if
this is the first request or not. Is there a hook or a flag with that
same functionality?
Thanks,
Fran
Re: AuthCookie login ?
Posted by Fran Fabrizio <ff...@mmrd.com>.
> Yes, do it in authen_cred() after you have checked the credentials, but before
> returning the username. authen_cred() is only called when you submit the login
> form.
Yes, this is what I ended up doing and it worked out perfectly. I was
using AuthCookieDBI and so I've been cheating and editing that module
directly but I eventually will spin my own when I get more time.
It works very nicely now and I've tied the Apache::Session creation and
destruction to AuthCookie logins and logouts, and I'm using the username
as my Apache::Session key. All very clean now. Thanks for the help!
-Fran
Re: AuthCookie login ?
Posted by Michael Schout <ms...@gkg.net>.
On Fri, 5 Apr 2002, Geoffrey Young wrote:
> > Since the authentication happens on every trip into the server, and I
> > don't want to run my code (to set up an Apache::Session for the user's
> > session data) until I'm sure I have a valid user on my hands, I can't
> > see a way to do the session setup only the first time after a sucessful
> > login.
>
> can't you do this in authen_cred()? IIRC authen_cred is only called when no
> cookie is found, which means you have a first time visit (or an unsuccessful
Yes, do it in authen_cred() after you have checked the credentials, but before
returning the username. authen_cred() is only called when you submit the login
form.
Regards,
Michael Schout (AuthCookie maintainer).
Re: AuthCookie login ?
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> Since the authentication happens on every trip into the server, and I
> don't want to run my code (to set up an Apache::Session for the user's
> session data) until I'm sure I have a valid user on my hands, I can't
> see a way to do the session setup only the first time after a sucessful
> login.
can't you do this in authen_cred()? IIRC authen_cred is only called when no cookie is
found, which means you have a first time visit (or an unsuccessful attempt). you have
control here to execute code only when a valid user is found, since it's up to you to
determine if the user is valid. authen_ses_key() then checks whether the cookie itself
(containing the session key) is valid.
at least this is how I remember it working - it's been a while since I've worked with
AuthCookie.
--Geoff