Hi! I wonder if there is a "out of the box" Embperl solution for the common login/authentication/session scenario:
1. User accesses the web area which is protected and requires authentication, i.e. https://greatapp.mycompany.com/protected/greate/stuff.epl 2. The user has not a valid session cookie 3. User gets directed to login page https://greatapp.mycompany.com/login/login.epl 4. User successfully authenticates in the login form (to LDAP for instance, but that should be interchangeable) 5. Then an internal redirect is done to the original uri: https://greatapp.mycompany.com/protected/greate/stuff.epl 6. User is in! 7. Every time the user accesses a protected document, the timestamp is updated for the session cookie in database. 8. If user drinks coffee for 20 minutes and comes back to her protected area and does a refresh or something, she will be redirected to the login page. 9. If the authentication is successfully, the user will be redirected to the original requested uri. (this means that the uri must be saved between requests in some way) 10. Etc ... And so long the cookie is valid the user has free access to the whole restricted area. But when the cookie expires due to inactivity, then the user again is redirected to the login page. I have done this solution for my Embperl application but have implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler. So the question is, is there a ready framework for doing all this in Embperl instead? /Oskar -- Oskar Ahner OSZ Open Systems --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
