cyril.sudre at edf
Mar 8, 2010, 12:12 AM
Post #1 of 2
(675 views)
Permalink
|
|
Session cookie, auth cookie (2)
|
|
> Hi,
>
> I'd like to make parts of Bricolage accessible withou login, but have
any
> previoulsy logged user recognized. Let me explain :
>>Your explanation is how (or leading up to a question as to how). But let
me ask you this: why?
Well, in fact I've created some subdir in Bric app, and mixed some webapp
of mine to have only site.
> Do I have to implement a new method in AccessHandler for that (something
> like Bric::App::AccessHandler->connected)?
Yes, I think so. Note how we already allow anyone to access /media via
this bit:
push @locs,
" <Location /media>\n" .
" SetHandler default-handler\n" .
" PerlAccessHandler Apache::OK\n" .
" PerlCleanupHandler Apache::OK$fix\n" .
" </Location>";
So you could use Apache::OK just to give someone access to /, and if you
wanted to do anything else than just blindly accept any connection, you
would need to write a custom accesshandler method, yes.
> Why can't we just a session cookie with a expiration, instead of having
a
> separate auth cookie?
>>I think it's because they serve two distinct purposes. The auth cookie
is validated on every request,
So is session cookie, isn't it?
>>and thus stores a hash to be validated. Also, you may not want your
session data to be expired just because you logged out.
I agree with this. But I think Bric session expires whenever someone
loggout; Is that right?
Anyway, thanks for your response, and for this great piece of mod_perl
app. I think this piece of software may serve as a "state of the art"
example in mod_perl articles (in particular session and database
management accross requests).
Cyril
|
