* Randal L. Schwartz <merlyn@stonehenge.com> [2005-08-15 20:00]: > To further this, let's say I had a $big_client that needs to > show a login page if the user isn't logged in, regardless of > whatever "state" the ->get_state returns. They can override > ->get_class to simply return the login page if not logged in, > regardless of whatever state it's asked to show, and yet the > old state is preserved for a "return to FOO link". And then > the ->get_state can be changed from hidden fields to pathinfo > without messing up the authorization section.
I currently do that by authenticating the user in ->app_enter. The ->respond in pages which require authentication can then switch to the login state for rendering a reponse. The login state consists of nothing but a login form that includes all the incoming state. So the user repeats the same request when he submits the form, only this time with his credentials included. ->app_enter then picks them up, so the ->respond which previously switched to the login state now finds the user authenticated, and the request proceeds as it would have the first time around. Regards, -- #Aristotle *AUTOLOAD=*_=sub{s/(.*)::(.*)/print$2,(",$\/"," ")[defined wantarray]/e;$1}; &Just->another->Perl->hacker; ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ cgi-prototype-users mailing list cgi-prototype-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cgi-prototype-users