> It sounds like you've mostly done what I want to do. Could you elaborate on > this part ...
In cgiapp_prerun, I simply do this: =================== use session (my homegrown session object) session = new if not defined session->{SID} { $self->header_type('redirect'); $self->header_props({-url=>'/cgi-bin/login'}); $self->prerun_mode('mode0'); } ===================== This is one reason I wanted my own "session" program. The cgi::session module returns a new session when one doesn't exist. I want a nonexistant session to really mean it doesn't exist. I don't want it to create a new one. Also, I had to modify cgi::application to *not* warn about the run mode changing. You'll see the warning in the server log. If you search for the text in Application.pm you can comment it out. The "if" above continues with: ======================= else if session->LOGGED_OUT is true or $session->timeoutOrUpdate('??????') $self->header_type('redirect'); if (!$session->{COOKIE}) { $self->header_props({-url=>'/cgi-bin/login?sid=' . $session->{SID}}); } else { $self->header_props({-url=>'/cgi-bin/login'}); } $self->prerun_mode('mode0'); } ======================= The above says that if the user logged out, then redirect to login and if the user elected not to use cookies, add the session ID to to the URL. The timeout or update invokes a method which will update the sesson information with the name of the page (represented here by '?????'). With every page, the "from" field of the session gets updated with the page the user is on. The method either returns true or false to indicate if the user has timed out. But, whether timed our or not, the session gets updated. The 'mode0' just does this: ====================== sub login { my $self = shift; return ''; } ======================== I do the above logic in all the instance scripts. Then the teardown method is this: ======================== if ($session->{MODIFIED}) { $session->saveSession() } ======================== If the session is modified (and it always is because the "from" field always gets updated) then it calls a method to update the MySQL row for the session. The login page will continue to solicit login until a successful login. After it authenticates successfully, it determines if the "from" field of the session contains a value. If it does, it redirects to that value. If not, it redirects to the main page. (I do some additional testing to see if the user requested cookies or not. I add a "?sid=" to the URL if no cookies. Otherwise, I add the -cookie parm to header_props.) One thing to remember, you have to build your header_props in one statement. You can't set the URL, then the cookie later. It has to be done at once. I had a lot of trouble with this. I looked at your code, and it seemed like you're overcomplicating it. Mark --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]