Re: [cgiapp] CAP::Authentication & cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cgiapp] CAP::Authentication & cookies

Subject: Re: [cgiapp] CAP::Authentication & cookies
Date: Tue, 28 Mar 2006 14:21:04 -0500
From: Michael Graham <suppressed>

> Right I see now - I have to explicitly set SEND_COOKIE => 0 as a
> session_config param, as the default is 'on'. So I will have to handle
> session id traffic myself. Do you have any tips on how to do that most
> effectively - obviously it has to form part of the url for link-based
> navigation and hidden fields for forms. Perhaps CAP::LinkIntegrity and
> CAP::FormState can be used here?

I haven't tested it, but I believe that CGI::Session by default will
look for a cookie named CGISESSID, and if it doesn't exist, it will look
for a query param named CGISESSID.

So if cookies aren't reliable, you can add a CGISESSID parameter to
every form and every link.

You can make the CGISESSID parameter available to all pages by means of
the load_tmpl hook:

    sub my_load_tmpl_callback {
        my ($self, $ht_params, $tmpl_params, $tmpl_file) = @_;
        $tmpl_params->{'CGISESSID'} = $self->session->id;
    }

(if you're using CAP::TT, you would use the tt_pre_process hook instead,
but the idea is the same)

Then, add a session parameter hidden field to every form:

    <input type="hiddden" name="CGISESSID" value="[% CGISESSID %]">

(CAP::FormState won't help you here, because there's a chicken-and-egg
problem:  CAP::FormState stores information in the user's session)

You also have to add the session id to all links:

    <a href="/foo.cgi?bar=baz;CGISESSID=[% CGISESSID %]">Foo</a>

This can be made slightly less messy with CAP::LinkIntegrity:

    <a href="[% app.self_link('CGISESSID' => CGISESSID ...) %]">...</a>

As Cees points out, you will have a problem if your app contains any
plain html pages, because you won't be able to add the session id to
links on those pages.


Michael


--
Michael Graham <suppressed>


---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed

Follow-Ups:
- Re: [cgiapp] CAP::Authentication & cookies
  - From: RA Jones

References:
- Re: [cgiapp] CAP::Authentication & cookies
  - From: Ron Savage
- Re: [cgiapp] CAP::Authentication & cookies
  - From: RA Jones

Prev by Date: Re: [cgiapp] CAP::Authentication & cookies
Next by Date: Re: [cgiapp] CAP::Authentication & cookies
Previous by thread: Re: [cgiapp] CAP::Authentication & cookies
Next by thread: Re: [cgiapp] CAP::Authentication & cookies
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.