Hi,
I'd like to make parts of Bricolage accessible withou login, but have any
previoulsy logged user recognized. Let me explain :
Actually, all pages are protected via Bric::App::AccessHandler. I'd like
to restrict this protection in a subarea, and let, for example, ANY user
to see pages under document_roo t( "/" ).
When uri is /protected, the user is redirected to login form and
authentified. When user go back to non-protected area, the login is still
valid (for the period specified in AUTH_TTL), and can be displayed in a
head banner, for example.
Something like :
<location />
PerlAuthenHandler Bric::App::AccessHandler::newmethod
(anything that recognize user)
PerlResponseHandler Bric::App::Handler
</location>
<location /protected>
PerlAuthenHandler Bric::App::AccessHandler
PerlResponseHandler Bric::App::Handler
</location>
But this would just map session id to storage, without setting any
recognized user (from BRIC_AUTH cookie).
Do I have to implement a new method in AccessHandler for that (something
like Bric::App::AccessHandler->connected)?
Why can't we just a session cookie with a expiration, instead of having a
separate auth cookie?
Thank's in advance for your response, I'm not quite used with ticket based
authentication.
Cyril
I'd like to make parts of Bricolage accessible withou login, but have any
previoulsy logged user recognized. Let me explain :
Actually, all pages are protected via Bric::App::AccessHandler. I'd like
to restrict this protection in a subarea, and let, for example, ANY user
to see pages under document_roo t( "/" ).
When uri is /protected, the user is redirected to login form and
authentified. When user go back to non-protected area, the login is still
valid (for the period specified in AUTH_TTL), and can be displayed in a
head banner, for example.
Something like :
<location />
PerlAuthenHandler Bric::App::AccessHandler::newmethod
(anything that recognize user)
PerlResponseHandler Bric::App::Handler
</location>
<location /protected>
PerlAuthenHandler Bric::App::AccessHandler
PerlResponseHandler Bric::App::Handler
</location>
But this would just map session id to storage, without setting any
recognized user (from BRIC_AUTH cookie).
Do I have to implement a new method in AccessHandler for that (something
like Bric::App::AccessHandler->connected)?
Why can't we just a session cookie with a expiration, instead of having a
separate auth cookie?
Thank's in advance for your response, I'm not quite used with ticket based
authentication.
Cyril