Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: How do I Implement a One-Click Login Screen on the Web?

by scorpio17 (Monsignor)
on Nov 22, 2011 at 18:55 UTC ( #939514=note: print w/ replies, xml ) Need Help??


in reply to How do I Implement a One-Click Login Screen on the Web?

In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

However - there's a big problem with the way you're doing this - you're not storing the login state into a session variable. Since HTML is stateless, once someone moves past your login page, you'll have no way of remembering whether they're logged in or not. If you don't store that state somewhere, and check it on every page, then people can leap-frog your login page and get to any page they want.

Here's a link to a simple login tutorial I wrote: RFC: Proposed tutorial - simple login script using CGI::Application

That should help get you started.


Comment on Re: How do I Implement a One-Click Login Screen on the Web?
Re^2: How do I Implement a One-Click Login Screen on the Web?
by rbhyland (Novice) on Nov 22, 2011 at 20:21 UTC

    In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

    I have already printed my header, and as far as I can tell a redirect like this:

    print redirect(-location=>"http://my.site.org/Switchboard.cgi");

    only works if you print it before you print the header. If I do it with Javascript I still need a button-click event to trigger it. Also, session information is in the form items and will be written into cookies on the receiving script. Cookies have to be written with the header.

      The trick is to simply delay sending your header until you know what you want to send as a header :)

      Storing session data in a cookie is a bad idea - very easy to hack. The better way is only store a session id, then you use that id to lookup the actual session data on your server.

      As for the redirect - you need to avoid sending out the header info until you know which page you're going to be generating. But, another way that might work is to include a meta tag like this inside your header:

      <META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://my.site.org/Switchboard.cgi" >

      This will result in your original page loading, but then immediately redirecting to another page. Just take out all of the original content - the users will just see the page go white after logging in, then pop into the "switchboard".

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://939514]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (10)
As of 2014-07-11 09:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (224 votes), past polls