Beefy Boxes and Bandwidth Generously Provided by pair Networks RobOMonk
laziness, impatience, and hubris
 
PerlMonks  

http digest authentication and session management

by nikosv (Hermit)
on Aug 14, 2012 at 11:36 UTC ( #987318=perlquestion: print w/ replies, xml ) Need Help??
nikosv has asked for the wisdom of the Perl Monks concerning the following question:

Instead of using form based authentication I was thinking to use http digest authentication using mod_auth_digest The problem is how to maintain state between requests.

Let's say that after the user authenticates, accesses a form, fills it and submits it to a CGI script which process it and he is next presented with a new form. Problem is how to maintain the state between form 1 and 2 ?

a) Using digest auth the credentials are re-submitted on each request so this can be considered as session state keeping. The REMOTE_USER env variable is also set as an identifier;should it be used as an identifying key and store session details in the database using it ? Could work, but how would the server know that the user logged out so it invalidates the session, because digest offers no standard way to log out

b) Mixed mode possible? Can session management be delegated to cookies while authentication taken care of by digest?

c) ?

Comment on http digest authentication and session management
Re: http digest authentication and session management
by cheekuperl (Monk) on Aug 14, 2012 at 11:39 UTC
    See CGI::Session for managing sessions and session variables.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://987318]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (16)
As of 2014-04-16 19:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (433 votes), past polls