Contributed by rodry
on Apr 12, 2000 at 09:37 UTC
Description: I have a database that has login information (such as
username and password) that is used to allow the user to get
to some pages and documents that are otherwise restricted.
How do I make sure that these documents are not accessed in
any way other than the login screen? I know this has to do
with managing user sessions. Please point me to any related
literature.

Answer: How can I authenticate HTTP sessions? contributed by comatose

There's a few different ways to track user
sessions, so you'll need to assess exactly which
one is best for your needs. This is covered by an
entire chapter in O'Reilly's Writing Apache Modules
in Perl and C. I'll recap a few of the methods that
don't absolutely require mod_perl.
- Hidden tags - Each page is
  generated via a script of some type. Store the
  userid and such in hidden input tags of a form.
  This method generally only works with a linear
  flow of pages.
- Cookies - This is probably
  the quickest and easiest to implement based on
  what you are asking for. Once they login, set a
  session-based cookie (goes away when they close
  their browser) that marks them as logged in. Of
  course, if someone has cookies turned off, this
  one isn't going to work.
- Database - Store whether they
  are currently logged in with a database. You have
  to combine this with one of the above methods to
  keep track of a session ID. You can also keep
  track of the session ID in a query string on the
  end of your URLs.

Answer: How can I authenticate HTTP sessions? contributed by btrott

To really protect those documents, you'll probably
need to basically re-authorize the user on each
request. You can either roll your own
authentication, or you can use the HTTP basic
authentication scheme.
If you choose the former, you'll probably want to
have a login screen; then authenticate the user,
set a cookie, and let the user view the documents.
On each request for a document, check for the
authentication cookie: if it exists, let the user
view the doc; if it doesn't exist, make the user
log in again.
If you choose to go with basic authentication,
you'll want to authenticate out of your database,
since you already have the username/password
info in there. Check out Apache::AuthDBI (on
CPAN) for doing basic authentication out of
a database for which you have a DBI driver.

Answer: How can I authenticate HTTP sessions? contributed by mezhaka

Here's a solution based on CGI::Session module
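
The cookie-plus-database approach from the answers above, as an added example that is not code from any of the posters: the cookie carries only a random session ID, the server keeps the login state, and every protected script re-checks it. The hash `%SESSIONS` stands in for the database table, all sub and variable names are hypothetical, and reading `/dev/urandom` assumes a Unix-like host.

```perl
#!/usr/bin/perl
# Added example. %SESSIONS stands in for the database table that records
# who is logged in; every name below is hypothetical.
use strict;
use warnings;

my %SESSIONS;         # session id => { user => ..., expires => epoch seconds }
my $TTL = 15 * 60;    # assumed idle timeout

# Unguessable session id: 16 bytes from the kernel CSPRNG, hex-encoded.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $buf;
    (read($fh, $buf, 16) // 0) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Call only after the username/password check against the database succeeds.
# Returns the Set-Cookie header value to send with the login response.
sub start_session {
    my ($user) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { user => $user, expires => time + $TTL };
    return "sid=$sid; Path=/; HttpOnly; Secure; SameSite=Lax";
}

# Call at the top of every protected script with $ENV{HTTP_COOKIE}.
# Returns the user name, or undef when the caller must send the login page.
sub check_session {
    my ($cookie_header) = @_;
    my ($sid) = ($cookie_header // '') =~ /(?:^|;\s*)sid=([0-9a-f]{32})(?:;|$)/;
    return unless defined $sid;              # no cookie, or not our format
    my $s = $SESSIONS{$sid} or return;       # id the server never issued
    if ($s->{expires} < time) {              # idle too long: forget it
        delete $SESSIONS{$sid};
        return;
    }
    $s->{expires} = time + $TTL;             # sliding expiry on each request
    return $s->{user};
}

# Constructed demonstration: one login, then three requests.
my $set_cookie = start_session('rodry');
my ($pair) = $set_cookie =~ /^(sid=[0-9a-f]+)/;
print "valid cookie  -> ", check_session("theme=dark; $pair") // 'login required', "\n";
print "no cookie     -> ", check_session(undef)               // 'login required', "\n";
print "guessed value -> ", check_session('sid=' . '0' x 32)   // 'login required', "\n";
```

Because the cookie holds no login flag of its own, editing it in the browser gains nothing: a value the server did not issue fails the lookup and the user is sent back to the login screen.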