Hi list,

In a recent thread, this exchange took place:

On Monday, 11 July 2011 at 21:54 +0200, André Warnier wrote:
> Szekeres, Edward wrote:
> > It seems to be just an attempt to do what is already done in
> > Apache2::AuthCookie (CPAN), which encapsulates a server side authentication.
> >
> >
> +1
> Exactly.
> And I would add that before you start trying to implement your own
> authentication logic,
> you should really think twice. HTTP authentication is a lot more messy than
> what you
> would at first think, and you should first have a look at some existing CPAN
> modules like
> the one mentioned above, and browse the code to understand what they are
> doing and why. Or
> just use them, they work.
>

I've been meaning to ask a related question to the list for a while.

My logic for session authentication is thus:

Login is handled by login.pm which checks username/password pair against database.

    if ( valid pair ) {
        set session_id and time_to_live;
        set cookie=session_id;
        store session_id and some parameters in a file via Storable.pm;
        redirect to Home page
    } else {
        serve login again
    }

For all requests except login:

1 - Headerparser retrieves the session_id via the cookie, and reads the session file.

    If ( session_id is unknown or time_to_live exceeded ) then {
        serve login
    } else {
        serve requested page
    }

2 - perlhandler generates content

3 - Filter processes content and resets time_to_live of session, stores it back in file

The relevant modules are visible here:

login : http://vincentveyron.com/tmp/login.pm
headerparser : http://vincentveyron.com/tmp/get_session_id.pm
filter : http://vincentveyron.com/tmp/html_head_and_tail.pm

My questions:

- Is there anything wrong with my process?
- What does Apache2::AuthCookie do that I don't already have?

-- 
Vincent Veyron
http://marica.fr/
Claims and litigation management software for legal departments
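
The session flow described in the message above, as an added example that is not part of the original post and is not the poster's modules: a standalone Perl sketch of the file-backed session store, showing the checks a reviewer would look for (unpredictable session ids, strict validation of the cookie value before it is used as a file name, expiry enforced on the server). The function names, the 1800-second time_to_live, the temporary directory and the use of /dev/urandom (Unix-like systems) are assumptions.

```perl
use strict;
use warnings;
use Storable qw(lock_store lock_retrieve);
use File::Temp qw(tempdir);

my $TTL = 1800;                     # assumed time_to_live, in seconds
my $DIR = tempdir(CLEANUP => 1);    # assumed session directory (mode 0700)

# 128-bit session id read from the kernel CSPRNG, hex encoded.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# Login succeeded: write the session file, return the id to set as cookie.
sub create_session {
    my ($user, $now) = @_;
    my $id = new_session_id();
    lock_store({ user => $user, expires => $now + $TTL }, "$DIR/$id");
    return $id;
}

# Header-parser step: returns the session hash, or nothing to serve login.
sub check_session {
    my ($cookie, $now) = @_;
    # The cookie is client input and becomes a file name: accept only the
    # exact format issued above before touching the filesystem.
    return unless defined $cookie && $cookie =~ /\A[0-9a-f]{32}\z/;
    my $file = "$DIR/$cookie";
    return unless -f $file;
    my $s = eval { lock_retrieve($file) } or return;
    if ($s->{expires} <= $now) { unlink $file; return; }
    return $s;
}

# Filter step: reset time_to_live and store the session back in its file.
sub touch_session {
    my ($id, $s, $now) = @_;
    $s->{expires} = $now + $TTL;
    lock_store($s, "$DIR/$id");
}

# Constructed demo: sample user, sample malformed cookie, simulated clock.
my $show = sub { printf "%-9s %s\n", $_[0], $_[1] ? 'page' : 'login' };
my $t0   = time;
my $id   = create_session('alice', $t0);
$show->('malformed', scalar check_session('../other', $t0));
my $s = check_session($id, $t0 + 60);
touch_session($id, $s, $t0 + 60);
$show->('renewed', scalar check_session($id, $t0 + $TTL + 1));
$show->('expired', scalar check_session($id, $t0 + 60 + $TTL + 1));
```

Expiry is checked against the value stored on the server, so a client that keeps an old cookie gains nothing once the session file has expired or been removed.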