perl-embperl mailing list archives

From Oskar Ahner <os...@osz.nu>
Subject Authentication & session handling
Date Thu, 18 Oct 2007 08:24:21 GMT
Hi!

I wonder if there is an "out of the box" Embperl solution for the common
login/authentication/session scenario:

1. User accesses the web area which is protected and requires
authentication, i.e.
   https://greatapp.mycompany.com/protected/greate/stuff.epl
2. The user does not have a valid session cookie
3. User gets directed to login page
https://greatapp.mycompany.com/login/login.epl
4. User successfully authenticates in the login form (to LDAP for
instance, but that should be interchangeable)
5. Then an internal redirect is done to the original uri:
    https://greatapp.mycompany.com/protected/greate/stuff.epl
6. User is in!
7. Every time the user accesses a protected document, the timestamp is
updated for the session cookie in database.
8. If user drinks coffee for 20 minutes and comes back to her protected
area and does a refresh or something, she will be redirected to the
login page.
9. If the authentication is successful, the user will be redirected to
the original requested uri. (this means that the uri must be saved
between requests in some way)
10. Etc ...

And as long as the cookie is valid the user has free access to the whole
restricted area. But when the cookie expires due to inactivity, then the
user again is redirected to the login page.

I have done this solution for my Embperl application but have
implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
So the question is, is there a ready framework for doing all this in
Embperl instead?

/Oskar

  

-- 
Oskar Ahner 
OSZ Open Systems 
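
The flow described in the message above, as an added example that is not part of the original post and not Embperl or mod_perl code: a sliding 20 minute idle timeout plus a saved return URI that is only honoured when it is a local path under `/protected/`. The function names, the in-memory `%SESSIONS` hash standing in for the session table, and the use of `/dev/urandom` are assumptions; the credential check (LDAP or otherwise) happens outside it.

```perl
use strict;
use warnings;

# Assumed settings and storage (hypothetical names, not from the post).
my $IDLE_LIMIT  = 20 * 60;             # seconds of inactivity allowed
my $LOGIN_URI   = '/login/login.epl';
my $DEFAULT_URI = '/protected/';       # fallback when the saved URI is rejected
my %SESSIONS;                          # session id => { user, last_seen }

sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "no entropy source: $!";
    (read($fh, my $buf, 32) // 0) == 32 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $buf;          # 256-bit id, hex encoded
}

# Step 9: the saved URI is user-controlled, so accept only a local protected path.
sub safe_return_uri {
    my ($uri) = @_;
    return $DEFAULT_URI unless defined $uri && $uri =~ m{\A/protected/[A-Za-z0-9_./?&=%-]*\z};
    return $DEFAULT_URI if $uri =~ m{//|\.\.};
    return $uri;
}

# Steps 1-3, 7 and 8: serve and refresh the timestamp, or send to the login page.
sub check_request {
    my ($sid, $uri, $now) = @_;
    my $s = defined $sid ? $SESSIONS{$sid} : undef;
    if ($s && $now - $s->{last_seen} <= $IDLE_LIMIT) {
        $s->{last_seen} = $now;        # sliding timeout
        return { action => 'serve', user => $s->{user} };
    }
    delete $SESSIONS{$sid} if defined $sid;   # expired or unknown id
    return { action => 'redirect', to => $LOGIN_URI, return_to => safe_return_uri($uri) };
}

# Steps 4-5: called only after authentication succeeded; always issues a fresh id.
sub login_ok {
    my ($user, $return_to, $now) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { user => $user, last_seen => $now };
    return { sid => $sid, to => safe_return_uri($return_to) };
}

# Constructed walk-through: first visit, login, active use, idle expiry, bad return URI.
my $t0 = 1_000_000;
my $r  = check_request(undef, '/protected/greate/stuff.epl', $t0);
my $l  = login_ok('oskar', $r->{return_to}, $t0);
print check_request($l->{sid}, $l->{to}, $t0 + 600)->{action}, "\n";
print check_request($l->{sid}, $l->{to}, $t0 + 600 + 1201)->{action}, "\n";
print login_ok('oskar', 'https://other.example/', $t0)->{to}, "\n";
```

The return URI is validated both when it is saved and again after login, since whatever carries it between requests (query parameter, hidden field or cookie) can be altered by the client.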



