From: "Bill McCormick" <[EMAIL PROTECTED]> > > =================== > > use session (my homegrown session object) > > session = new > > if not defined session->{SID} { > > $self->header_type('redirect'); > > $self->header_props({-url=>'/cgi-bin/login'}); > > > > $self->prerun_mode('mode0'); > > } > > ===================== > > > So login is a specialized cgi app to handle logins? And it will run with > run_mode=mode0?
'login" is a an instance script (login.cgi which instantiates login.pm). Each of my other instance scripts have the same cgi_prerun to test if a login is required. If so, it sets run_mode to mode0. Mode0 is just a method called "login" (poor choice of method names considering I have a login.pm too) which emits nothing so that the redirect takes effect immediately (to go to the login.cgi which instantiates login.pm). > > I do the above logic in all the instance scripts. Then the teardown method > > is this: > > > > Here, do you mean your WebApp.pm or your webapp.cgi? I might be using the wrong terminology. I'm new to this. But, all my .pm scripts have the same cgi_prerun, login and teardown methods. Cgi_prerun determines if the user is logged in. The login method is just a do-nothing method that lets the redirect take control. The teardown method ensures the session information is updated at the end-of-execution. >Here's where I'm still a little confused with your > method: when there is no session or an expired session and you are going to > do a redirect to login anyway, why do you need a sub login {my $self = > shift; return '';} everywhere? Let's say I have a webmail application. I might have inbox.cgi, outbox.cgi, trash.cgi, compose.cgi. Each of these would instantiate a ".pm" module of the same name. Each ".pm" is like a *view* of your total mail environment. In each one, I need to determine if the user is logged in. (Maybe someone bookmarked a link and will come directly into the compose page.) In each ".pm" module I have the same logic to determine if a session row exists in the MySQL table. If so, is the user logged-out (because they explicity logged out) or timed-out (because of inactivity)? I do this in the cgi_prerun because that's the method that lets you change the run-mode. If I determine they need to login, I change the run-mode to "mode0" which is associated to a method named "login". Poor choice of words. Maybe I should have called the method "do-nothing" because that's all it does. It returns nothing, and the header_props I set in cgi_prerun to redirect kick in immediately. The login.pm which all the different ".pm" modules might redirect to simply prompts for userid and password, and whether the user is willing to accept a cookie (I like to ask). Until they get it right, it keeps redisplaying itself. When they get it right, it will redirect back to whatever page they were trying to access when they were forced to login. The page they were on when they were forced to login is a field I keep in the session information. If I could figure out how to do it, I could put the cgi_prerun stuff into a superclass and inherit it across all the .pm modules. If you want my session.pm you're welcome to have it. Like I said. I went off and did my own thing because I had my own idea about tracking sessions. Mark --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]