david at kineticode
Mar 5, 2010, 9:05 AM
Post #2 of 2
On Mar 5, 2010, at 4:24 AM, Cyril SUDRE wrote:
> I'd like to make parts of Bricolage accessible withou login, but have any
> previoulsy logged user recognized. Let me explain :
Your explanation is how (or leading up to a question as to how). But let me ask you this: why?
> Do I have to implement a new method in AccessHandler for that (something
> like Bric::App::AccessHandler->connected)?
Yes, I think so. Note how we already allow anyone to access /media via this bit:
" <Location /media>\n" .
" SetHandler default-handler\n" .
" PerlAccessHandler Apache::OK\n" .
" PerlCleanupHandler Apache::OK$fix\n" .
So you could use Apache::OK just to give someone access to /, and if you wanted to do anything else than just blindly accept any connection, you would need to write a custom accesshandler method, yes.
> Why can't we just a session cookie with a expiration, instead of having a
> separate auth cookie?
I think it's because they serve two distinct purposes. The auth cookie is validated on every request, and thus stores a hash to be validated. Also, you may not want your session data to be expired just because you logged out.
> Thank's in advance for your response, I'm not quite used with ticket based