[cgiapp] Forcing a login...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cgiapp] Forcing a login...

Subject: [cgiapp] Forcing a login...
Date: Thu, 19 Dec 2002 05:03:56 +0800
From: "Franki" <suppressed>

Hi again folks.

Since there is such a wealth of knowledge here, I thought I'd ask for some
advice..

I tried to setup cgiapp_prerun so that if the user isn't about to see the
login page, or they are not already logged in..
they get sent to the login mode...

The two subs below are what I am using.. get_ID() just gets existing session
id's or creates a new one..

The problem is that cgiapp_prerun doesn't send the newly created
session_id,, and therefore the script creates another when the login screen
comes up.

Also, it won't be hard to set a form with 'seen_login_page' as a parameter..
(though I could test for that in all the other runmodes to stop it accepting
it.)

I am reading the CGI::Session docs again to see if there is a way of testing
for a session without creating one if there isn't.. that would solve the two
session files problem. (I don't think there is a way though.)

I am just trying to make this thing as hard to trick as possible..

any tips would be very welcome..

Sorry for being such a pain and asking so many questions.


regards

Franki


sub cgiapp_prerun
{
     my $self = shift;
     my $form_parameters = $self->query();
     my ($session_id, $session) = get_ID($form_parameters);
     # If they are not logged in already, and they are not trying to.
     # Send them to the login screen so they have to......
     unless (($form_parameters->param('seen_login_page')) ||
($session->param("logged_in")))
     {
     $self->param('Session_id', $session_id);
     $self->prerun_mode('mode_1');
     }
}

 sub get_ID
 {
     my $form_parameters = shift;
     my $session_id =  $form_parameters->param('Session_id') || undef;
     my $session = new CGI::Session(undef, $session_id,
{Directory=>'D:/tmp'});
        $session->expire('+15m');
     unless ($session_id)
     {
     $session_id = $session->id();
     }
     return ($session_id, $session);
 }


---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed

Follow-Ups:
- Re: [cgiapp] Forcing a login...
  - From: Ron Savage
- Re: [cgiapp] Forcing a login...
  - From: Mark Stosberg

References:
- RE: [cgiapp] cgiapp_prerun (what about passing vars with: return $self->display_login(); )
  - From: Brian . T . Wightman

Prev by Date: RE: [cgiapp] cgiapp_prerun (what about passing vars with: return $self->display_login(); )
Next by Date: Re: [cgiapp] Forcing a login...
Previous by thread: RE: [cgiapp] cgiapp_prerun (what about passing vars with: return $self->display_login(); )
Next by thread: Re: [cgiapp] Forcing a login...
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.