Hi Ido. So what you are saying is that every user gets a session. Protected pages check whether this session is authenticated, and if not redirect to the login page. The login page test the user name/password, and if pass add auth data to the session, and redirect back.
That explains why CGI::Application::Plugin::Authentication dedicate two special form parameters, (for the user name/password) and whenever they are submitted it tries to verify the user. That way it does not need to know which page is a login page, or maybe the login box is outside the dynamic app. OK. Thanks. Shmuel. >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >Of ik >Sent: Friday, February 29, 2008 11:26 AM >To: Perl in Israel >Subject: Re: [Israel.pm] CGI::Session > >Hello, > >The use of a session is to save data like in cookie, where the only >difference is that it is stored on the server side rather then the >client side (that only stores the identifier of the session as a >cookie). > >So your authentication should look like so: > >if ($session['user'] ne '' and $session['authenticated'] eq 1) >{ > user already authenticated >} >else >{ > do a regular authentication process > > $session['user'] = $user; > $sesson['authenticated'] = 1; > ... >} > >One very important rule for CGI::Sessions, you must flush the data >before you finish your work or you will have strange errors and >problems. > >Ido > >On Fri, Feb 29, 2008 at 11:11 AM, Shmuel Fomberg <[EMAIL PROTECTED]> >wrote: >> Hello All. >> >> I'm trying to write a new web site, and was reading about >CGI::Application >> and CGI::Session. >> I understand how the CGI::Session use some storage (either file of a >> simplified database table) to store session information, and a cookie to >> connect the user to that session. But how do I authenticate the user? >Where >> in the loop I verify user name/password, and say 'I know this user, this >is >> his data', for the Session object to keep? >> >> Thanks, >> Shmuel. >> >> >> _______________________________________________ >> Perl mailing list >> [email protected] >> http://perl.org.il/mailman/listinfo/perl >> > > > >-- >http://ik.homelinux.org/ >_______________________________________________ >Perl mailing list >[email protected] >http://perl.org.il/mailman/listinfo/perl > > >-- >No virus found in this incoming message. >Checked by AVG Free Edition. >Version: 7.5.516 / Virus Database: 269.21.1/1303 - Release Date: 28/02/2008 >12:14 _______________________________________________ Perl mailing list [email protected] http://perl.org.il/mailman/listinfo/perl
