Hi Puneet,
Although I haven't used any of the *::Session modules, I thought I would give
you a brief idea of how I've done things in the past.
Basically, I have one script control the entire site. All calls to the site go
through that one script and it handles the checking of a cookie on the user's
browser. The cookie contains session or login information and if it's not
there, they get dumped onto the login screen. If it's there, they are allowed
in. I have the option of logging out by deleting the cookie from their browser.
The catch is that EVERYTHING goes through that one script. There are no static
HTML files on disk at all. It works well enough for what we are using it for.
URLs are ugly and look something like:
admin.pl?sec=foo&act=bar&name=this&value=that
(as a note, our template files are kept outside of the docs directory, so
people can't do http://site.com/template-file.tmpl to read our templates. No
one ever said your template has to be in your documentroot.)
But what you are asking is different and may sound terribly complicated at
first: how do you check a login before apache returns a static HTML file.
If you step back, the real question is how would you prevent someone from
successfully requesting foo.html when they aren't logged in? Normally, Apache
gets the request and returns the file. Simple as that. No CGI script will be
run to check someone's login. (I don't know how any of the *::Session modules
work, however.) But there's really more to it than that.
My understanding is that you could use mod_perl to insert a handler into the
Apache process to check someone's login before Apache would be told/allowed to
return the page. It's certainly possible, however it might be outside of your
realm of knowledge. It's only barely within the realm of my knowledge.
There may also be some Apache::* modules that might help with this, but again,
we're talking mod_perl, not old-fashioned CGI scripting.
Does anyone have any other ideas? Did I completely miss the question?
How sad it is. The more you know, the more you realize you don't know. ;) The
learning never ends....
Good luck!
--Joel
>Phew! that was mouthful.
>
>Folks, I am running around in circles trying to comprehend what must be
>basics for most of you.
>
>Having built a fine H::T based website and been singing praises of this
>fine module, I want to now put it all behind a username/password login
>with session mgt.
>
>I have gotten my mind suitably confused reading docs on Apache security,
>CGI::Session, Apache::Session, and scores of articles on various
>websites. Needless to say, I haven't yet figured out the simplest,
>easiest way to accomplish the following --
>
>on going to my website, the user should be presented with a login form.
>On successful login, the user's information should be retrieved from a
>database (let's assume MySQL here)... this could be a load of info such
>as preferences, various application settings, etc. These pieces of
>user-specific information should be stored in a session structure so I
>may use it throughout the user's session until the user logs out. On
>logging out, the last state should be saved back to the database and the
>session should be cleared.
>
>I am assuming that the script that does the checking whether the user is
>logged in or not has to somehow be connected with .htaccess so that it
>may run everytime... I don't know how to do that. How do I prevent the
>user from going directly to mywebsite/foo.tmpl or whatever else?
>
>I know this is asking for a basic course in creating a password
>protected website -- if someone could provide a link to such an article
>(esp. if it deals with H::T-specific issues, if any -- for example,
>..tmpl files are not cgi scripts, so how could they be protected, etc.)
>that would be great.
>
>Many thanks.
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Html-template-users mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/html-template-users
>
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Html-template-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/html-template-users
