David Arnold wrote: > All, > > Suppose that a user logs on (successfully) with username and password, > where the logon process is handled by mod_perl. Now they open a page with a > form, fill out the fields, then press the submit button. The form is > handled by a second script. > > My question: How can the second script be made aware of the username and > password of the person who logged on?
assuming you don't want to use basic or digest http authentication (aka popup boxes, which manage this kind of thing for you) typically the second (and future) script is kept unaware of the username/password. instead, the authentication script verifies the user/password and generates some kind of session token which is then managed. how you manage it can vary - you can use cookies, hidden form fields, url munging or somesuch to pass it around from page to page on the client side, then use some fancy expiration scheme on the server side. > > Any suggestions? Any pointers to material I should read? I haven't come > across this one yet, but undoubtedly it's there somewhere. basically you want to look for documentation on maintaining state. all of the mod_perl books mention something about it, so it should be pretty easy to find. IIRC the eagle book has a good explanation of ticket-based authentication using cookies, which is pretty simple (although I had a difficult time digesting it all when I was a newbie myself IIRC :) HTH --Geoff -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
