Hi list,

In a recent thread, this exchange took place:

On Monday 11 July 2011 at 21:54 +0200, André Warnier wrote:

> Szekeres, Edward wrote:
> > It seems to be just an attempt to do what is already done in 
> > Apache2::AuthCookie (CPAN), which encapsulates a server side authentication.
> > 
> > 
> +1
> Exactly.
> And I would add that before you start trying to implement your own
> authentication logic, you should really think twice.  HTTP authentication
> is a lot more messy than what you would at first think, and you should
> first have a look at some existing CPAN modules like the one mentioned
> above, and browse the code to understand what they are doing and why. Or
> just use them, they work.
> 

I've been meaning to ask a related question to the list for a while. My
logic for session authentication is thus:

Login is handled by login.pm which checks username/password pair against
database.

    if ( valid pair ) {
        set session_id and time_to_live;
        set cookie=session_id;
        store session_id and some parameters in a file via Storable.pm;
        redirect to Home page
    } else {
        serve login again
    }

For all requests except login :

1 - Headerparser retrieves the session_id via the cookie, and reads the
session file. 
If ( session_id is unknown or time_to_live exceeded ) then { serve
login } else { serve requested page }

2 - perlhandler generates content

3 - Filter processes content and resets time_to_live of session, stores
it back in file

The relevant modules are visible here :
login :  http://vincentveyron.com/tmp/login.pm
headerparser : http://vincentveyron.com/tmp/get_session_id.pm
filter : http://vincentveyron.com/tmp/html_head_and_tail.pm

My questions :

-Is there anything wrong with my process?

-What does Apache2::AuthCookie do that I don't already have?


-- 
Vincent Veyron
http://marica.fr/
Claims and litigation management software for legal departments
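
The login / check / refresh cycle described in the message above, as an added example that is not part of the original post and is neither the poster's modules nor Apache2::AuthCookie code. The function names, the 32-hex-character id format, the 900-second time_to_live and reading /dev/urandom (Unix only) are assumptions; the point shown is that the cookie value is checked against a strict format before it is used to build a session file name.

```perl
#!/usr/bin/perl
# Added example: session create / check / refresh with Storable.
# All names, the TTL value and the id format are assumptions.
use strict;
use warnings;
use Storable qw(lock_store lock_retrieve);
use File::Temp qw(tempdir);

my $TTL = 900;                         # assumed time_to_live, in seconds
my $DIR = tempdir( CLEANUP => 1 );     # constructed session directory

# Login step: create a session with an unguessable id and store it.
sub new_session {
    my ($user) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, my $bytes, 16 ) == 16 or die "short read from urandom";
    close $fh;
    my $sid = unpack 'H*', $bytes;     # 32 hex characters
    lock_store( { user => $user, expires => time() + $TTL }, "$DIR/$sid" );
    return $sid;
}

# Header-parser step: returns the session hash, or undef to serve login.
sub check_session {
    my ($cookie) = @_;
    # The cookie is client-controlled: accept only the exact id format
    # before it is used to build a file name.
    return unless defined $cookie && $cookie =~ /\A[0-9a-f]{32}\z/;
    my $file = "$DIR/$cookie";
    return unless -f $file;            # unknown session_id
    my $s = eval { lock_retrieve($file) } or return;
    if ( $s->{expires} < time() ) {    # time_to_live exceeded
        unlink $file;
        return;
    }
    return $s;
}

# Filter step: reset time_to_live and store the session back.
sub refresh_session {
    my ( $sid, $s ) = @_;
    $s->{expires} = time() + $TTL;
    lock_store( $s, "$DIR/$sid" );
}

# Constructed sample run: one valid session, two cookie values to reject.
my $sid = new_session('alice');
my $s   = check_session($sid);
print "valid session for $s->{user}\n" if $s;
refresh_session( $sid, $s );
print "rejected\n" for grep { !check_session($_) } '../../etc/passwd', 'f' x 32;
```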
