On Sun, Jul 18, 2004 at 12:32:00PM -0700, David Arnold wrote: > > Suppose that student A logs into our main page using his username and > [...] > information into a waiting PDF document. My first question is this: Is the > username and password that student A used to login available to this next > perl script?
> I think my note points to my confusion of all these "processes" and how > they work. I still don't have a handle on that. Any help or explanation > will be appreciated. I thought so. Honest question: did you read the mod_perl cookbook (http://www.modperlcookbook.org) and/or Practical mod_perl (http://modperlbook.org) before you started (or during) your exploration of mod_perl? I think it is essential you do, because you seem not aware of the "request" cycle. Anyway, assuming that you program this sensibly, there is no such thing as a process that is authenticated: it is a request. Whenever the user requests a resource from your webserver, this "request" is put through different phases, one of which can be an authenticating phase. Whichever way of authentication you choose, the authentication information is shared with "next" phases, of which content serving is one. So: yes you have that information available when serving an Adobe document. Perhaps to help you: although sites give a different impression: there is no such thing as "logging in". When you "log in" to a site you merely use a mechanism that "automatically" authenticates you every time from then on. This can be done using basic authentication (in which case your browser simply keeps your username and password at hand), using cookies and using sessions (where the server keeps your information at hand). > Secondly, suppose at the same time student B has logged on to the opening > page, but from another machine. Is this run in a separate child process? If > student B also tries to access "Exam#1", will things go well? See above. Which process is used for Student B is not relevant. The process should not keep this information "in core". > Thirdly, what happens if student B logs onto the same machine as student A, > but later in the day? Ah! Now this can be a tricky part... If you use basic authentication (that one with the nasty popup box asking for a username and a password) the browser offers a "service" to store these to get you in any time. To avoid this in your case, simply use a session scheme (see books) with a session that expires in a sensible way (read: rather quickly, but not too quick). Hope this helps, but do yourself a favour and read one of the books mentioned. Certainly if you plan to do these kinds of important applications. --Frank -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
