Hi, I am not aware of a ready framework. The Embperl web sites (which you can find as an example under eg/web in the Embperl distribution), implements some of your ideas.
Gerald ------------------------------------------------------------------------ Gerald Richter ECOS electronic communication services GmbH ******************* SECURING YOUR NETWORK ******************** Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice: +49 6133 939-122 WWW: http://www.ecos.de Fax: +49 6133 939-333 Sitz der Gesellschaft: Dienheim; AG Mainz HRB 6889 Geschäftsführer: Wolfgang Heck, Gerald Richter ------------------------------------------------------------------------ > -----Original Message----- > From: Oskar Ahner [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 18, 2007 10:24 AM > To: embperl@perl.apache.org > Subject: Authentication & session handling > > Hi! > > I wonder if there is a "out of the box" Embperl solution for > the common login/authentication/session scenario: > > 1. User accesses the web area which is protected and requires > authentication, i.e. > https://greatapp.mycompany.com/protected/greate/stuff.epl > 2. The user has not a valid session cookie 3. User gets > directed to login page https://greatapp.mycompany.com/login/login.epl > 4. User successfully authenticates in the login form (to LDAP > for instance, but that should be interchangeable) 5. Then an > internal redirect is done to the original uri: > https://greatapp.mycompany.com/protected/greate/stuff.epl > 6. User is in! > 7. Every time the user accesses a protected document, the > timestamp is updated for the session cookie in database. > 8. If user drinks coffee for 20 minutes and comes back to her > protected area and does a refresh or something, she will be > redirected to the login page. > 9. If the authentication is successfully, the user will be > redirected to the original requested uri. (this means that > the uri must be saved between requests in some way) 10. Etc ... > > And so long the cookie is valid the user has free access to > the whole restricted area. But when the cookie expires due to > inactivity, then the user again is redirected to the login page. > > I have done this solution for my Embperl application but have > implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler. > So the question is, is there a ready framework for doing all > this in Embperl instead? > > /Oskar > > > > -- > Oskar Ahner > OSZ Open Systems > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > ** Virus checked by BB-5000 Mailfilter ** > !DSPAM:416,47171a0d26531063441679! > > ** Virus checked by BB-5000 Mailfilter ** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
