Hi Steve -- > Yesterday, almost by accident I ended up writing a fairly > neat and tidy > Login module using CGI::Application.
Sounds fantastic! How does this system actually control user Authentication state? Does it provide an Apache handler to set $r->connection->user()? (I assume this works with Apache -- am I wrong?) Does it require that all other app developers include some code in their applications? > Login page / error messages / cookie name / session file > directory are all > defined by you in the login.cgi instance script. And a module like > MyProject::Login would use base 'CGI::Application::Login' and > contain the > overloaded 'validate' function to decide how a user gets logged in. This seems like a very clean interface. Three comments: 1. You should provide some default validate() functionality -- perhaps always returning true. This would make overloading validate() optional. 2. You should also allow the programmer to override store_session() and retrieve_session() methods so that ambitious developers could put sessions in a database. This would be pretty sharp. (Default behaviors should be provided, however.) 3. If you're not already, you should hook into existing CPAN modules for user Authentication and Authorization. If you choose a popular module, users will flock to your login system! This sounds pretty cool -- keep us all updated. -Jesse- ---- Jesse Erlbaum, CTO Vanguard Media 212.242.5317 x115 [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
