
Re: [cgiapp] Session management with cgi-app.


Franki,

Are you using the plugin? If not, that might be a place to start, as it does the session allocation/cookie reading in the right order without requiring any work on your part.

Below is what I do (not using the plugin, but....). It is NOT textbook or even documented code, but it will hopefully give you an idea. Note that I am using Apache::Session which uses a tied hash rather than CGI::Session's nicer param facilities. However, the structure works for both. What isn't here is that the session method sets a cookie if one isn't present and always reads that cookie if it is present (which is the default behavior for CGI::App::Plugin::Session when using cookies?). The validation of the cookie happens afterward by looking up the _logged_in parameter in the session. If it is present, we have accomplished authentication and, if not, we need to go to login.

Hope this helps a bit and doesn't confuse matters further.

Sean

In my CGI::App subclass:

###############################
sub cgiapp_prerun {
###############################
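  my $self = shift;
  my $session = $self->session;

  # Only a session already marked as logged in may reach the requested
  # run mode; every other request is sent to the login run mode.
  # The "|| ''" avoids an uninitialized-value warning on a fresh session.
  if (($session->{'_logged_in'} || '') eq 'in') {
      return 1;
  } else {
      $self->prerun_mode('login');
  }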

  return 1;
}

###############################
sub login {
###############################
  my $self     = shift;
  my $errs     = shift;
  my $tt       = $self->param('tt');
  my $q        = $self->query;

  if ($q->param('login_submitted') && !$errs) {
      return $self->process_login;
  }

  $q->param('rm' => 'login');
  $q->param('frm' => 'login');
  my $vars={err => $errs};
  return $self->output('login_a.html',$vars);
}

###############################
sub process_login {
###############################
  my $self     = shift;
  my $q        = $self->query;
  my $dbh      = $self->dbh;
  my $session  = $self->session;

  my $user     = $q->param('user');
  my $password = $q->param('password');

  my $check    = $dbh->check_login($user,$password,$q->get_remote_host);

  my ($results,$err_page) = $self->check_rm('login','_login_profile');
  return $err_page if $err_page;

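  # A result starting with a digit is treated as the user id;
  # anything else is passed back to the login page as the error message.
  if ($check =~ /^[0-9]/) {
      # Mark the session as authenticated; cgiapp_prerun checks this flag.
      $session->{'_user_id'}=$check;
      $session->{'_logged_in'}='in';
      return $self->front_page;
  } else {
      my $err = {some_errors => 1};
      $err->{message} = $check;
      return $self->login($err);
  }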
}

On Jan 18, 2005, at 12:39 PM, Franki wrote:

Hi guys,

I have written my session code with CGI::SESS and it works fairly well, only it seems to create more than one session file for each visitor.. one for when they first go to the app, and then it swaps to another when they are logged in.

The result is that I have a session directory with huge numbers of files in it, and had to create a crontab to delete old ones.

Does anyone have any good clean example code of CGI:APP integrating with CGI::Session for a password protected app? I have a suspicion that I seriously overcomplicated what is really a fairly simple task, but seeing someone else's work might help me to see the error of my ways.


rgds

Franki

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
             http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
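
The flow discussed in this thread, as an added self-contained example (not code from either poster or from CGI::Application): it models the cookie-to-session lookup and the cgiapp_prerun gate with an in-memory hash, showing that reusing the session named by the cookie keeps one session per visitor across login. `%STORE`, `new_session_id`, `session_for` and `gate` are hypothetical names, the request sequence is constructed, and `/dev/urandom` is assumed to be available.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %STORE;    # session id => session hash; stands in for the session files on disk

# Hypothetical helper: 128-bit random session id from the OS (assumes /dev/urandom).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Reuse the session named by the cookie when it exists; allocate one only otherwise.
# Returns (id, session hashref).
sub session_for {
    my ($cookie_id) = @_;
    if (defined $cookie_id && exists $STORE{$cookie_id}) {
        return ($cookie_id, $STORE{$cookie_id});
    }
    my $id = new_session_id();
    $STORE{$id} = {};
    return ($id, $STORE{$id});
}

# Same decision as cgiapp_prerun in the post: anything but a logged-in
# session is sent to the login run mode.
sub gate {
    my ($session, $rm) = @_;
    return (($session->{_logged_in} // '') eq 'in') ? $rm : 'login';
}

# Constructed request sequence: first visit, login, then a protected page.
my ($id1, $s1) = session_for(undef);             # no cookie yet
print "visit 1 -> ", gate($s1, 'front_page'), "\n";

my ($id2, $s2) = session_for($id1);              # browser sends the cookie back
@{$s2}{qw(_user_id _logged_in)} = (42, 'in');    # what process_login stores on success

my ($id3, $s3) = session_for($id1);
print "visit 3 -> ", gate($s3, 'front_page'), "\n";
print "sessions in store: ", scalar(keys %STORE), "\n";

# A cookie naming an id this server never issued is not adopted; a fresh id is issued.
my ($id4) = session_for('not-issued-by-us');
print "unknown id adopted: ", ($id4 eq 'not-issued-by-us' ? 'yes' : 'no'), "\n";
```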