[EMAIL PROTECTED] wrote:
>I'm fairly new at this and need a few pointers to possible resources.
>
>I've used Apache::AuthenDBI and thus require the user to enter a user name and
>password as expected. It all works. However, my customer has asked for either a
>timeout, a [Logout] button, or both so that the browser basically 'forgets' the
>user id. This would then remove the requirement for the user to close down the
>browser when they leave their system.
>
>Where can I look for assistance on this problem? My assumption is that it would
>be a 'browser' thing so I wouldn't expect a direct answer from this group.

Due to the stateless nature of HTTP, a timeout is not quite possible with
protocol level authentication. What you are wanting would either require a
cookie or URL munging.

Several modules exist on CPAN which can provide what you are looking for:

Apache::AuthCookie
    Uses session keys to track users. Authentication appears to be restricted
    to one website. This code has been around a while and is more mature.

Authen::Ticket
    Uses cookies to provide an authenticating ticket. The ticket may be signed
    using El Gamal (public key). Authenticating tickets may be presented to
    multiple websites. Newer code with bugs still being worked out.

Both modules allow a high level of customization in most phases. Neither can
handle mid-POST authentication yet. Both are similar, but with different
emphasis. Both come with example code.

--
James Smith <[EMAIL PROTECTED]>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix
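
The cookie approach described in the reply above, sketched as an added example (not part of the original message and not code from Apache::AuthCookie or Authen::Ticket): a ticket that carries its own expiry and is rejected once it is stale or altered, plus the header a [Logout] button would send. HMAC-SHA256 with a server-side secret stands in for the El Gamal signature; the cookie name `ticket`, the `user|expiry|mac` layout, the 15-minute lifetime and all function names are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed demo values; a real key is random and kept out of the source.
my $SECRET  = 'constructed-demo-key';
my $TIMEOUT = 15 * 60;    # ticket lifetime in seconds (assumed policy)

# Build the cookie value user|expiry|mac. Re-issue on each request for an idle timeout.
sub issue_ticket {
    my ($user, $now) = @_;
    die "user name must not contain '|'\n" if $user =~ /\|/;
    my $expires = $now + $TIMEOUT;
    return join '|', $user, $expires, hmac_sha256_hex("$user|$expires", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the user name for a valid, unexpired ticket; nothing otherwise.
sub check_ticket {
    my ($ticket, $now) = @_;
    my ($user, $expires, $mac) = split /\|/, ($ticket // ''), 3;
    return unless defined $mac && $expires =~ /^\d+\z/;
    return unless ct_eq($mac, hmac_sha256_hex("$user|$expires", $SECRET));
    return if $now >= $expires;    # the server enforces the timeout, not the browser
    return $user;
}

# Logout: overwrite the cookie with an empty one that expires immediately.
sub logout_header {
    return 'Set-Cookie: ticket=; Path=/; Max-Age=0; HttpOnly; Secure';
}

my $t0     = 1_000_000_000;    # constructed clock value
my $ticket = issue_ticket('alice', $t0);
(my $forged = $ticket) =~ s/^alice/admin/;    # altered user field, MAC unchanged
print "fresh:    ", (check_ticket($ticket, $t0 + 60)       // 'rejected'), "\n";
print "expired:  ", (check_ticket($ticket, $t0 + $TIMEOUT) // 'rejected'), "\n";
print "tampered: ", (check_ticket($forged, $t0 + 60)       // 'rejected'), "\n";
print logout_header(), "\n";
```

Clearing the cookie only makes the browser forget the ticket; a copy captured earlier stays valid until its expiry, so the lifetime should be short or the server should also keep a revocation record.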