perl-modperl mailing list archives

From "jim booe" <>
Subject authcookie/session
Date Wed, 07 Mar 2007 20:21:33 GMT

I've read through a lot of mailing list archives and the documentation for 
Apache2::AuthCookie and found that tying Apache2::AuthCookie with 
CGI::Session was exactly what I was looking for.

I'm running mp2/apache2...I've got things working, but I'd like to see if 
there's a better way.

In my AuthCookie subclass, I check my user credentials in authen_cred(). If 
I get a successful login, then I create a session with CGI::Session and 
return the generated session key.

use CGI::Session;

sub authen_cred ($$\@) {
    my $self = shift;
    my $r = shift;
    my($username,$password) = @_;

    # Check user and create session if valid
    my $session = authenticate_user($username, $password);
    return $session;
}

sub authenticate_user {
    my($username,$password) = @_;

    # Check username/password in database
    # other code left out for clarity
    my $s = CGI::Session->load() or die CGI::Session->errstr;
    # check that session was created here,
    # redirect to login if expired, $s->new if empty
    # if ok, return session id
    return $s->id();
}

In the various examples I've seen of AuthCookie (without 
Apache/CGI::Session), the session key is a ticket so you can tell if it's 
been tampered with or expired. Since I'm using CGI::Session to generate the 
key, I'm simply checking that the session key is valid in authen_ses_key() 
using the CGI::Session load($session_id) function:

my $s = CGI::Session->load($session) or die CGI::Session->errstr;

Which leads me to my second question - if I find that key is valid (in 
authen_ses_key), then I use pnotes to store a reference to my session, so I 
can access it later in a response handler - believe I saw mention of that 
and it seems to work, but verifying that's the best way.

Thanks all...
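
Added example (not part of the original message, and not code from Apache2::AuthCookie or CGI::Session): one way to write the authen_ses_key() check described above, allowing for the fact that CGI::Session->load() returns an empty session object, not a false value, when the id is unknown or expired. The package name, the session directory and the 'username' session parameter are assumptions.

```perl
package My::AuthCookie;            # hypothetical subclass name

use strict;
use warnings;
use base 'Apache2::AuthCookie';
use Apache2::RequestUtil ();       # provides $r->pnotes
use Apache2::Log ();               # provides $r->log_error
use CGI::Session;

# Assumed storage location for the default "file" driver.
my %DSN_ARGS = ( Directory => '/var/lib/myapp/sessions' );

sub authen_ses_key {
    my ($self, $r, $session_id) = @_;

    # The cookie value is client-controlled: accept only the shape produced by
    # CGI::Session's default MD5 id generator before touching the session store.
    return unless defined $session_id && $session_id =~ /\A[0-9a-f]{32}\z/;

    # load() never creates a session. It returns undef only on a storage error;
    # an unknown or expired id yields an *empty* session object instead.
    my $s = CGI::Session->load(undef, $session_id, \%DSN_ARGS);
    unless ($s) {
        $r->log_error('session load failed: ' . CGI::Session->errstr);
        return;
    }

    return if $s->is_expired;      # existed once, but past its expiry time
    return if $s->is_empty;        # id not found in the store

    # Assumes authen_cred() stored the login name with $s->param(username => ...).
    my $user = $s->param('username');
    return unless defined $user && length $user;

    # Make the session available to later phases of this request.
    $r->pnotes(session => $s);
    return $user;                  # AuthCookie treats undef as "not logged in"
}

1;
```

A response handler running later in the same request can then fetch the object with $r->pnotes('session').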
