On Wed, 2003-06-11 at 08:32, Michael L. Artz wrote:
> Not sure that I quite understand ... what do you mean by "load" the 
> session/user data if it is being done in a handler before content 
> phase?  What would you use to store the retrieved data ... pnotes?

That's what I've done in the past, although the users of the API didn't
know that.  We just made a get_session() method that returns the
session.  The first time it runs, it does the work.  After that, it
caches the session in pnotes() and gets it there for the remainder of
the request.

> Also, I am not quite sure of the distinction between session data and 
> user data.  Wouldn't session data be intrinsically tied to a user?

Don't you ever have to keep track of anything before you know who the
user is?

When I say user data I mean permanent data; things like the user's
contact info and security allowances, not what's in page 2 of the form
they are filling out.

> My 
> session table currently looks like [user_id, session_key, session_data, 
> login_time, last_access_time].  I guess I am currently using the session 
> table to be more of an authentication table, i.e. if you give me a good 
> user_id/session_key ticket that matches what is in the database.

That's fine if it fits your requirements.

> I guess my pattern is:
> within PerlAuthenHandler
> -Check to see if there are passed user/password params.  If so, validate 
> params against user/pass in database.  If the params are valid, create a 
> new session key, store the session key in the database, and set a cookie 
> with the user_id and session_key.

Isn't the session key unique?  Why put both in the cookie?

> -Otherwise, if there is a cookie, validate the cookie's user_id/session 
> against the database one stored in the database.
> -If either the params or cookie passed muster, set $r->user and return 
> Apache::OK.  If the user passed incorrect parameters, redirect to a 
> custom_error form which is the login page.  Otherwise, return Apache::OK 
> and do not set $r->user.
> 
> within registry scripts:
> -If $r->user is set, turn on custom pages and load user preferences.

That all sounds fine to me.

- Perrin
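
An added example, not part of the original thread or any poster's code: the lazy get_session() approach described in the reply, with the cookie carrying only the session key. MockRequest, cookie_session_key, load_session_from_db and the in-memory %SESSION_TABLE are constructed stand-ins for the mod_perl request object, cookie parsing and the session table.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the mod_perl request object: only pnotes() is modelled.
package MockRequest;
sub new { my ($class, %args) = @_; return bless { pnotes => {}, %args }, $class }
sub pnotes {
    my ($self, $key, @val) = @_;
    $self->{pnotes}{$key} = $val[0] if @val;
    return $self->{pnotes}{$key};
}
sub cookie_session_key { return $_[0]{session_key} }   # hypothetical cookie accessor

package main;

# Constructed in-memory stand-in for the session table, keyed by session_key alone.
my %SESSION_TABLE = (
    'k3y-constructed-0001' => { user_id => 42, session_data => { page => 2 } },
);
my $db_lookups = 0;

sub load_session_from_db {
    my ($key) = @_;
    $db_lookups++;
    return defined $key ? $SESSION_TABLE{$key} : undef;
}

# get_session(): does the work on the first call, then serves from pnotes()
# for the remainder of the request.
sub get_session {
    my ($r) = @_;
    my $cached = $r->pnotes('session');
    return $cached if defined $cached;
    # An unknown or missing key yields an empty session with no user_id,
    # so state can still be tracked before the user is known.
    my $session = load_session_from_db($r->cookie_session_key) || {};
    $r->pnotes(session => $session);
    return $session;
}

my $r = MockRequest->new(session_key => 'k3y-constructed-0001');
my $from_auth    = get_session($r);   # e.g. called from the authen phase
my $from_content = get_session($r);   # e.g. called later from a registry script
print "user_id=$from_auth->{user_id} lookups=$db_lookups\n";
print "same object: ", ($from_auth == $from_content ? "yes" : "no"), "\n";
```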
