Thanks Aaron,
The altered connect call was exactly what I was after...( and it worked as expected -
no more database sessions for the authenticating users ).
A little more background may explain the odd ( ? ) construction.
I wanted to make the design easily portable to different databases - so either I had
to code around the different ways that they store usernames and passwords, or create
my own user attributes table ( 2nd is not such a bad idea ). However the user
population already has database accounts for other stuff, so I thought I would
"leverage" off that....( bad marketing speak alert just then it portrays the idea ok).
The security question I have currently ignored as the webapp is used on a closed lan,
however I plan to alter this by ensuring that the page that accepts username, passwd
is only callable via https. It will then ( optinally ) switch back to http when
redirecting to the continuation page....
Thanks for your help
Mark
> -----Original Message-----
> From: Aaron [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, October 06, 2000 1:55 AM
> To: Mark Kirkwood
> Cc: [EMAIL PROTECTED]
> Subject: Re: Disable/Enable Persistant Connections On Demand
>
> at a time earlier than now, Mark Kirkwood wrote:
> > Dear List,
> >
> > This may be a stupid question... but anyway...
>
> no way. Apache::DBI and DBI kind of cheat and automagically make stuff
> happen. it's very cool, but it can also be hard to extend or modify for
> specific situations.
>
> > This works great, because most of the web site uses a "generic" user to connect to
>the database. However I do authentication via the database ( i.e : attempt a
>connection using supplied user/pwd and if so set a cookie and continue on using the
>generic user/pwd) , and these "once only" connections persist too.
>
> would it be better to query a table, maybe a system table, to verify login?
> i assume you are using ssl to encrypt these user/password pairs, but it
> doesn't seem as though you have a need for a connection.
>
> of course, it is probably just a political situation where the users who are
> logging in already have accounts, you don't have access to system tables b/c
> the dba doesn't want let you and so on.
>
> *** i did not test i am not recommending i am not responsible ***
>
> anyway... you could probably just get away with calling connect like this:
>
> DBI->connect('dbi:mysql:dbname=db','user','pass',
> {attr=>value},
> undef,
> 'connect');
>
> which will set $connect_meth to it's default value
>
> my $connect_via = "connect";
>
> and set connect_meth to 'connect' and not 'Apache::DBI::connect'
>
> $connect_via = "Apache::DBI::connect";
>
> so that when this code runs you are good to go without Apache::DBI.
>
> $drh->$connect_meth($dsn, $user, $pass, $attr)
>
> he he. ugh. take a look at the DBI.pm source, you'll see what's going on.
>
> aaron
>
> let me know what happens
>
>
>
> > Thus after 100 folk have logged in there are 100 ( unused ) connections. I would
>like to have these authentication once only connection not persist.
> >
> > Is there any way to "by default" use persistent connections but on occasions not ?
> >
> > Thanks in advance for your help
> >
> > Mark
