Session Cookie Mod
Copyright 2000, oldmoney
Summary: Session Cookie Mod creates a persistent session, enabling users to log in to your DB just once per session. Now they can go to other non-DB pages on your site or even other sites, and when they return to the DB they are still logged in provided they have not closed all browser windows (e.g. killed the session cookie). Sessions expire and users can still log off as per normal.
Requirements: Matt's HTTP Cookie Library, found at www.worldwidemart.com/scripts/cookielib.shtml
Instructions:
1. Download cookie.lib, change the variable $Cookie_Domain = '.yourdomain.com'; and upload to your server with the permissions 644.
2. In db.cgi, add
Code:
require 'cookie.lib'; # Session Cookie Mod
after
Code:
require "auth.pl"; # Authorization Routines
and add
Code:
&SetCookies('session','');
after
Code:
elsif ($in{'logoff'}) { &auth_logging('logged off') if ($auth_logging);
3. In auth.pl, replace
Code:
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$uid: $ENV{'REMOTE_HOST'}\n";
close AUTH;
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
with
Code:
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$view:$add:$del:$mod:$admin:$ENV{'REMOTE_HOST'}\n"; # Session Cookie Mod
close AUTH;
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
&SetCookies('session',$db_uid); # Session Cookie Mod
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
and replace
Code:
else { # User has not logged on yet.
    return 'no login';
}
with
Code:
else { # Session Cookie Mod
    &GetCookies('session');
    # Skip cookie values that could name a file outside $auth_dir.
    if (length($Cookies{'session'}) > 4 and $Cookies{'session'} !~ m{[/\\]|\.\.}) {
        $db_uid = $Cookies{'session'};
        if (-e "$auth_dir/$db_uid") {
            # The auth file written at login holds the permissions for this session.
            open(AUTH, "<$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$db_uid. Reason: $!\n");
            @perm = <AUTH>;
            close AUTH;
            ($view, $add, $del, $mod, $admin, $host) = split (/:/, $perm[0]);
            return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
        }
        else {
            # Stale cookie: clear it and ask for a login.
            &SetCookies('session','');
            return 'no login';
        }
    }
    else { return 'no login'; }
}
That's it... some final thoughts: I have tested this with multiple DBs sharing common auth and password files. It will require substantial modification if you are running multiple DBs with separate password files. You can cut down on server overhead by moving most of the static HTML out of default.pl, and could also extend this mod to completely eliminate the authorization check for viewing records (assuming your DB is configured to allow the default user). Finally, integration with other scripts should be easier since the current session is now stored in a cookie.
------------------
The Immutable Order of Modding
-=-=-=-=-=-=-=-
1. Read the FAQ, 2. Search the board, 2a. Search the board again, 3. ask the question, 4. back-up, 5. experiment, 6. rephrase question (or better yet, post solution to original question)
[This message has been edited by oldmoney (edited April 01, 2000).]
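The cookie branch in step 3 turns the cookie value into a file name under $auth_dir, and the host written to the auth file is stored but not compared on later requests. The following is an added example, not part of oldmoney's post or of DBMan: a stand-alone lookup that validates the token, checks the file's age and compares the stored host before returning permissions. The sub name session_from_cookie, the token pattern, the $max_age parameter and the sample auth file are assumptions made for illustration.

```perl
# Added example (not oldmoney's code): validate the session cookie before
# it is used as a file name under $auth_dir, and compare the stored host.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Returns ('ok', $db_uid, $view, $add, $del, $mod, $admin) or ('no login').
sub session_from_cookie {
    my ($auth_dir, $cookie, $remote_host, $max_age) = @_;
    return 'no login' unless defined $cookie && length($cookie) > 4;

    # Assumed token shape: dot-separated runs of [A-Za-z0-9_]. This rejects
    # "/", "\", NUL and ".." so the value cannot name a file outside $auth_dir.
    return 'no login' unless $cookie =~ /\A([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)\z/;
    my $db_uid = $1;    # captured copy, also untainted under -T

    my $file = "$auth_dir/$db_uid";
    return 'no login' unless -f $file;
    # Expire on the server side too; the cookie alone does not age out.
    return 'no login' if time() - (stat $file)[9] > $max_age;

    open(my $fh, '<', $file) or return 'no login';
    my $line = <$fh>;
    close $fh;
    return 'no login' unless defined $line;
    chomp $line;

    # Limit of 6 keeps a host that itself contains ":" in one piece.
    my ($view, $add, $del, $mod, $admin, $host) = split /:/, $line, 6;
    return 'no login' unless defined $host && $host eq $remote_host;
    return ('ok', $db_uid, map { int($_ || 0) } $view, $add, $del, $mod, $admin);
}

# Constructed sample: one auth file in the format the mod writes at login.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/alice.954547200") or die "cannot write sample: $!";
print $out "1:1:0:1:0:host.example.com\n";
close $out;

for my $case (['alice.954547200',  'host.example.com'],
              ['alice.954547200',  'other.example.net'],
              ['../../etc/passwd', 'host.example.com']) {
    my @r = session_from_cookie($dir, @$case, 2 * 60 * 60);
    print "$case->[0] from $case->[1]: @r\n";
}
```

In auth.pl the caller would pass $Cookies{'session'} and $ENV{'REMOTE_HOST'}; only the first constructed case returns 'ok', the other two return 'no login'.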