* Randal L. Schwartz <merlyn@stonehenge.com> [2005-08-15 20:00]:
> To further this, let's say I had a $big_client that needs to
> show a login page if the user isn't logged in, regardless of
> whatever "state" the ->get_state returns.  They can override
> ->get_class to simply return the login page if not logged in,
> regardless of whatever state it's asked to show, and yet the
> old state is preserved for a "return to FOO link".  And then
> the ->get_state can be changed from hidden fields to pathinfo
> without messing up the authorization section.

I currently do that by authenticating the user in ->app_enter.
The ->respond in pages which require authentication can then
switch to the login state for rendering a reponse. The login
state consists of nothing but a login form that includes all the
incoming state. So the user repeats the same request when he
submits the form, only this time with his credentials included.
->app_enter then picks them up, so the ->respond which previously
switched to the login state now finds the user authenticated, and
the request proceeds as it would have the first time around.

*AUTOLOAD=*_=sub{s/(.*)::(.*)/print$2,(",$\/"," ")[defined wantarray]/e;$1};

SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
cgi-prototype-users mailing list

Reply via email to