Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: Embperl

Authentication & session handling

 

 

ModPerl embperl RSS feed   Index | Next | Previous | View Threaded


oskar at osz

Oct 18, 2007, 1:24 AM

Post #1 of 2 (2322 views)
Permalink
Authentication & session handling

Hi!

I wonder if there is a "out of the box" Embperl solution for the common
login/authentication/session scenario:

1. User accesses the web area which is protected and requires
authentication, i.e.
https://greatapp.mycompany.com/protected/greate/stuff.epl
2. The user has not a valid session cookie
3. User gets directed to login page
https://greatapp.mycompany.com/login/login.epl
4. User successfully authenticates in the login form (to LDAP for
instance, but that should be interchangeable)
5. Then an internal redirect is done to the original uri:
https://greatapp.mycompany.com/protected/greate/stuff.epl
6. User is in!
7. Every time the user accesses a protected document, the timestamp is
updated for the session cookie in database.
8. If user drinks coffee for 20 minutes and comes back to her protected
area and does a refresh or something, she will be redirected to the
login page.
9. If the authentication is successfully, the user will be redirected to
the original requested uri. (this means that the uri must be saved
between requests in some way)
10. Etc ...

And so long the cookie is valid the user has free access to the whole
restricted area. But when the cookie expires due to inactivity, then the
user again is redirected to the login page.

I have done this solution for my Embperl application but have
implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
So the question is, is there a ready framework for doing all this in
Embperl instead?

/Oskar



--
Oskar Ahner
OSZ Open Systems




---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe [at] perl
For additional commands, e-mail: embperl-help [at] perl


richter at ecos

Nov 12, 2007, 11:11 AM

Post #2 of 2 (2116 views)
Permalink
RE: Authentication & session handling [In reply to]

Hi,

I am not aware of a ready framework. The Embperl web sites (which you
can find as an example under eg/web in the Embperl distribution),
implements some of your ideas.

Gerald

------------------------------------------------------------------------
Gerald Richter ECOS electronic communication services GmbH
******************* SECURING YOUR NETWORK ********************

Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter [at] ecos Voice: +49 6133 939-122
WWW: http://www.ecos.de Fax: +49 6133 939-333

Sitz der Gesellschaft: Dienheim; AG Mainz HRB 6889
Geschäftsführer: Wolfgang Heck, Gerald Richter
------------------------------------------------------------------------



> -----Original Message-----
> From: Oskar Ahner [mailto:oskar [at] osz]
> Sent: Thursday, October 18, 2007 10:24 AM
> To: embperl [at] perl
> Subject: Authentication & session handling
>
> Hi!
>
> I wonder if there is a "out of the box" Embperl solution for
> the common login/authentication/session scenario:
>
> 1. User accesses the web area which is protected and requires
> authentication, i.e.
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 2. The user has not a valid session cookie 3. User gets
> directed to login page https://greatapp.mycompany.com/login/login.epl
> 4. User successfully authenticates in the login form (to LDAP
> for instance, but that should be interchangeable) 5. Then an
> internal redirect is done to the original uri:
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 6. User is in!
> 7. Every time the user accesses a protected document, the
> timestamp is updated for the session cookie in database.
> 8. If user drinks coffee for 20 minutes and comes back to her
> protected area and does a refresh or something, she will be
> redirected to the login page.
> 9. If the authentication is successfully, the user will be
> redirected to the original requested uri. (this means that
> the uri must be saved between requests in some way) 10. Etc ...
>
> And so long the cookie is valid the user has free access to
> the whole restricted area. But when the cookie expires due to
> inactivity, then the user again is redirected to the login page.
>
> I have done this solution for my Embperl application but have
> implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
> So the question is, is there a ready framework for doing all
> this in Embperl instead?
>
> /Oskar
>
>
>
> --
> Oskar Ahner
> OSZ Open Systems
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe [at] perl
> For additional commands, e-mail: embperl-help [at] perl
>
>
> ** Virus checked by BB-5000 Mailfilter **
> !DSPAM:416,47171a0d26531063441679!
>
>

** Virus checked by BB-5000 Mailfilter **

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe [at] perl
For additional commands, e-mail: embperl-help [at] perl

ModPerl embperl RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.