Re: [cgiapp] Safe way to remember user login?

2009-01-14 Thread Lyle
Mark Fuller wrote: On Tue, Jan 13, 2009 at 5:41 PM, Lyle webmas...@cosmicperl.com wrote: People wrote: (various comments) I think you're right, I shouldn't worry and just let the browser handle it. I might make it remember the username by default for convenience if they choose

Re: [cgiapp] Safe way to remember user login?

2009-01-14 Thread Mark Fuller
On Wed, Jan 14, 2009 at 3:41 AM, Lyle webmas...@cosmicperl.com wrote: Runs the risk of the session ID being found, but I guess if I verify the cookie and IP address... I think the risk of the session ID (cookie) hijacking is the same either way. So, whether they are forced to a login page as a

Re: [cgiapp] Safe way to remember user login?

2009-01-14 Thread Michael Peters
Mark Fuller wrote: I don't understand the remember me thing. If you use a cookie with a session key, and maintain on the server side that the user wants to be remembered, why even display the login page to them? Just treat them as already logged in, and let them into your site? That's a good

Re: [cgiapp] CGI::Application::Dispatch help

2009-01-14 Thread Michael Peters
fREW Schmidt wrote: I am a little confused about how CAD is supposed to work I guess. Let's see if we can help... First off, I have a directory, call it abc. That right there is kind of a red-flag. Not that you're doing anything wrong, but Apache has a weird notion of PATH_INFO when a

RE: [cgiapp] Safe way to remember user login?

2009-01-14 Thread Jesse Erlbaum
The way I've accomplished this is by adding something like an md5key column to the users database. When someone checks the remember me button you can generate a key based on something like, their username / password / the current date + some salt (or whatever you like). I do something a

Re: [cgiapp] CGI::Application::Dispatch help

2009-01-14 Thread fREW Schmidt
That right there is kind of a red-flag. Not that you're doing anything wrong, but Apache has a weird notion of PATH_INFO when a real directory exists. And Dispatch relies on PATH_INFO for parsing. You can check what Apache thinks it is by printing the $ENV{PATH_INFO} in your Dispatch.pm.

[cgiapp] CGI::Application::Plugin::Authentication --- Can't locate object method _cgiapp via package Aff

2009-01-14 Thread Terrence Brannon
Hello, I am using CGI::Application::Plugin::Authentication and my package starts out like this: package Aff; use CGI::Carp 'fatalsToBrowser' ; use base 'CGI::Application'; use CGI::Application::Plugin::Authentication; use CGI::Application::Plugin::Session; use Local::Seamstress;

Re: [cgiapp] CGI::Application::Plugin::Authentication --- Can't locate object method _cgiapp via package Aff

2009-01-14 Thread Stewart Heckenberg
goto CGI::Application::Plugin::Authentication::login_box Have you tried it without the above line? Perhaps just replace the above with: return login box goes here; Or something similar, just to test. My guess is the goto is causing the problem. Stew # CGI::Application community mailing