Re: [cgiapp] Restrict access to certain run modes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cgiapp] Restrict access to certain run modes

Subject: Re: [cgiapp] Restrict access to certain run modes
Date: Tue, 16 Aug 2005 21:59:56 -0400
From: Cees Hek <suppressed>

On 8/16/05, Barry Moore <suppressed> wrote:
> If you're on Windows or something else without /tmp edit the line 16 of
> the cgiapp module to something like this:
> CGI_SESSION_OPTIONS => ["driver:File", $self->query, {Directory =>
> "C:\\"}],

I know this doesn't have anything to do with what your are writing
about, but I thought I'd throw out a little helpful hint for
portability sake.  If you want to make this work on all systems, use
the File::Spec library (comes standard with perl), and look for the
tmpdir method.  It will return a valid temporary directory for the
platform that you are running on.

File::Spec->tmpdir

And interestingly enough, the options for
CGI::Application::Plugin::Session that you are using in your code are
actually the same as the defaults it provides (except that the plugin
uses the File::Spec->tmpdir method to figure out the temporary
directory).  So you could have just configured your session like this:

$self->session_config(
    COOKIE_PARAMS     => {-expires => '+24h',},
    SEND_COOKIE         => 1
);

And since the latest release, CGI::Application::Plugin::Session can
automatically set the expiry date on the session for you, which then
also adds the same expiry date to the outgoing cookie.  So you could
use the DEFAULT_EXPIRY option instead of the COOKIE_PARAMS method. 
And SEND_COOKIE is on by default so you don't need it either :)

$self->session_config(
    DEFAULT_EXPIRY => '+24h',
);

That will create file based sessions in a temp dir consistent with the
platform you are running on, and it will set all new sessions to
expire in 24 hours, and automatically send a cookie that also expires
in 24 hours.

Cheers,

Cees

ps for what it is worth, I do authentication in a very similar way as
in your code, except that I do the authentication through
CGI::Session::Auth (for now).  But the structure (doing the checks in
prerun, etc...) is very similar.  There, that brings us back on topic
;)

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed

Follow-Ups:
- Re: [cgiapp] Restrict access to certain run modes
  - From: Barry Moore

References:
- RE: [cgiapp] Restrict access to certain run modes
  - From: Barry Moore

Prev by Date: [cgiapp] Re: CGI-Application on IIS and PATH_INFO
Next by Date: [cgiapp] ANNOUNCE: AnyTemplate 0.10
Previous by thread: RE: [cgiapp] Restrict access to certain run modes
Next by thread: Re: [cgiapp] Restrict access to certain run modes
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.