From: "Bill McCormick" <[EMAIL PROTECTED]>
> > ===================
> > use session (my homegrown session object)
> > session = new
> > if not defined session->{SID} {
> > $self->header_type('redirect');
> > $self->header_props({-url=>'/cgi-bin/login'});
> >
> > $self->prerun_mode('mode0');
> > }
> > =====================
> >
> So login is a specialized cgi app to handle logins? And it will run with
> run_mode=mode0?
'login" is a an instance script (login.cgi which instantiates login.pm).
Each of my other instance scripts have the same cgi_prerun to test if a
login is required. If so, it sets run_mode to mode0. Mode0 is just a method
called "login" (poor choice of method names considering I have a login.pm
too) which emits nothing so that the redirect takes effect immediately (to
go to the login.cgi which instantiates login.pm).
> > I do the above logic in all the instance scripts. Then the teardown
method
> > is this:
> >
>
> Here, do you mean your WebApp.pm or your webapp.cgi?
I might be using the wrong terminology. I'm new to this. But, all my .pm
scripts have the same cgi_prerun, login and teardown methods. Cgi_prerun
determines if the user is logged in. The login method is just a do-nothing
method that lets the redirect take control. The teardown method ensures the
session information is updated at the end-of-execution.
>Here's where I'm still a little confused with your
> method: when there is no session or an expired session and you are going
to
> do a redirect to login anyway, why do you need a sub login {my $self =
> shift; return '';} everywhere?
Let's say I have a webmail application. I might have inbox.cgi, outbox.cgi,
trash.cgi, compose.cgi. Each of these would instantiate a ".pm" module of
the same name. Each ".pm" is like a *view* of your total mail environment.
In each one, I need to determine if the user is logged in. (Maybe someone
bookmarked a link and will come directly into the compose page.)
In each ".pm" module I have the same logic to determine if a session row
exists in the MySQL table. If so, is the user logged-out (because they
explicity logged out) or timed-out (because of inactivity)? I do this in the
cgi_prerun because that's the method that lets you change the run-mode. If I
determine they need to login, I change the run-mode to "mode0" which is
associated to a method named "login". Poor choice of words. Maybe I should
have called the method "do-nothing" because that's all it does. It returns
nothing, and the header_props I set in cgi_prerun to redirect kick in
immediately.
The login.pm which all the different ".pm" modules might redirect to simply
prompts for userid and password, and whether the user is willing to accept a
cookie (I like to ask). Until they get it right, it keeps redisplaying
itself. When they get it right, it will redirect back to whatever page they
were trying to access when they were forced to login. The page they were on
when they were forced to login is a field I keep in the session information.
If I could figure out how to do it, I could put the cgi_prerun stuff into a
superclass and inherit it across all the .pm modules.
If you want my session.pm you're welcome to have it. Like I said. I went off
and did my own thing because I had my own idea about tracking sessions.
Mark
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
