Mark,
I have some questions and comments interspersed with your reply below.
> In cgiapp_prerun, I simply do this:
>
> ===================
> use session (my homegrown session object)
> session = new
> if not defined session->{SID} {
> $self->header_type('redirect');
> $self->header_props({-url=>'/cgi-bin/login'});
>
> $self->prerun_mode('mode0');
> }
> =====================
>
So login is a specialized cgi app to handle logins? And it will run with
run_mode=mode0?
> This is one reason I wanted my own "session" program. The cgi::session
> module returns a new session when one doesn't exist. I want a nonexistant
> session to really mean it doesn't exist. I don't want it to create a new
> one.
>
> Also, I had to modify cgi::application to *not* warn about the run mode
> changing. You'll see the warning in the server log. If you search for the
> text in Application.pm you can comment it out.
>
> The "if" above continues with:
> =======================
>
> else if session->LOGGED_OUT is true or $session->timeoutOrUpdate('??????')
>
> $self->header_type('redirect');
>
> if (!$session->{COOKIE}) {
> $self->header_props({-url=>'/cgi-bin/login?sid=' . $session->{SID}});
> }
> else {
> $self->header_props({-url=>'/cgi-bin/login'});
> }
>
> $self->prerun_mode('mode0');
> }
>
> =======================
>
> The above says that if the user logged out, then redirect to login and if
> the user elected not to use cookies, add the session ID to to the URL. The
> timeout or update invokes a method which will update the sesson
> information
> with the name of the page (represented here by '?????'). With every page,
> the "from" field of the session gets updated with the page the user is on.
> The method either returns true or false to indicate if the user has timed
> out. But, whether timed our or not, the session gets updated.
>
> The 'mode0' just does this:
>
> ======================
> sub login {
>
> my $self = shift;
>
> return '';
>
> }
> ========================
Ok ... this is the part I don't understand.
.... now re-reading cgi::app pod .....
I just went back and read the part of the cgi::app perldoc that talks about
instance scripts. Boy do I feel a silly shade of green. No wonder my
application seems over-complicated. I'm trying to do everything with one
instance script when I could have multiple instances scripts all
implementing the same App Module Class. Oh well, I just started with all
this just a few months ago.
from the pod:
Notation and Conventions
For the purpose of this document, we will refer to the following
conventions:
WebApp.pm The Perl module which implements your Application Module
class.
WebApp Your Application Module class; a sub-class of
CGI::Application.
webapp.cgi The Instance Script which implements your Application
Module.
$webapp An instance (object) of your Application Module class.
$self Same as $webapp, used in instance methods to pass around
the
current object. (Standard Perl Object-Oriented technique)
>
> I do the above logic in all the instance scripts. Then the teardown method
> is this:
>
Here, do you mean your WebApp.pm or your webapp.cgi? I think you you mean
your WebApp.pm not the actual instance script which would be webapp.cgi
(according to the pod.) Here's where I'm still a little confused with your
method: when there is no session or an expired session and you are going to
do a redirect to login anyway, why do you need a sub login {my $self =
shift; return '';} everywhere?
> ========================
>
> if ($session->{MODIFIED}) {
>
> $session->saveSession()
>
> }
>
> ========================
>
> If the session is modified (and it always is because the "from"
> field always
> gets updated) then it calls a method to update the MySQL row for the
> session.
>
OK ... that's cool.
> The login page will continue to solicit login until a successful login.
> After it authenticates successfully, it determines if the "from" field of
> the session contains a value. If it does, it redirects to that value. If
> not, it redirects to the main page. (I do some additional testing
> to see if
> the user requested cookies or not. I add a "?sid=" to the URL if
> no cookies.
> Otherwise, I add the -cookie parm to header_props.)
>
> One thing to remember, you have to build your header_props in one
> statement.
> You can't set the URL, then the cookie later. It has to be done at once. I
> had a lot of trouble with this.
>
> I looked at your code, and it seemed like you're overcomplicating it.
Yea, well I'm still learning here. What in particular strikes you as overly
complicated? BTW, it's mostly just from the CGI::Session::Tutorial or
CookBook, I can't remember which.
Thanks again,
Bill
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
