> It sounds like you've mostly done what I want to do. Could you elaborate
on
> this part ...
In cgiapp_prerun, I simply do this:
===================
use session (my homegrown session object)
session = new
if not defined session->{SID} {
$self->header_type('redirect');
$self->header_props({-url=>'/cgi-bin/login'});
$self->prerun_mode('mode0');
}
=====================
This is one reason I wanted my own "session" program. The cgi::session
module returns a new session when one doesn't exist. I want a nonexistant
session to really mean it doesn't exist. I don't want it to create a new
one.
Also, I had to modify cgi::application to *not* warn about the run mode
changing. You'll see the warning in the server log. If you search for the
text in Application.pm you can comment it out.
The "if" above continues with:
=======================
else if session->LOGGED_OUT is true or $session->timeoutOrUpdate('??????')
$self->header_type('redirect');
if (!$session->{COOKIE}) {
$self->header_props({-url=>'/cgi-bin/login?sid=' . $session->{SID}});
}
else {
$self->header_props({-url=>'/cgi-bin/login'});
}
$self->prerun_mode('mode0');
}
=======================
The above says that if the user logged out, then redirect to login and if
the user elected not to use cookies, add the session ID to to the URL. The
timeout or update invokes a method which will update the sesson information
with the name of the page (represented here by '?????'). With every page,
the "from" field of the session gets updated with the page the user is on.
The method either returns true or false to indicate if the user has timed
out. But, whether timed our or not, the session gets updated.
The 'mode0' just does this:
======================
sub login {
my $self = shift;
return '';
}
========================
I do the above logic in all the instance scripts. Then the teardown method
is this:
========================
if ($session->{MODIFIED}) {
$session->saveSession()
}
========================
If the session is modified (and it always is because the "from" field always
gets updated) then it calls a method to update the MySQL row for the
session.
The login page will continue to solicit login until a successful login.
After it authenticates successfully, it determines if the "from" field of
the session contains a value. If it does, it redirects to that value. If
not, it redirects to the main page. (I do some additional testing to see if
the user requested cookies or not. I add a "?sid=" to the URL if no cookies.
Otherwise, I add the -cookie parm to header_props.)
One thing to remember, you have to build your header_props in one statement.
You can't set the URL, then the cookie later. It has to be done at once. I
had a lot of trouble with this.
I looked at your code, and it seemed like you're overcomplicating it.
Mark
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
