Mailing List Archive

Authentication & session handling
Hi!

I wonder if there is an "out of the box" Embperl solution for the common
login/authentication/session scenario:

1. User accesses the web area which is protected and requires
authentication, i.e.
https://greatapp.mycompany.com/protected/greate/stuff.epl
2. The user does not have a valid session cookie
3. User gets directed to login page
https://greatapp.mycompany.com/login/login.epl
4. User successfully authenticates in the login form (to LDAP for
instance, but that should be interchangeable)
5. Then an internal redirect is done to the original uri:
https://greatapp.mycompany.com/protected/greate/stuff.epl
6. User is in!
7. Every time the user accesses a protected document, the timestamp is
updated for the session cookie in database.
8. If user drinks coffee for 20 minutes and comes back to her protected
area and does a refresh or something, she will be redirected to the
login page.
9. If the authentication is successful, the user will be redirected to
the original requested uri. (this means that the uri must be saved
between requests in some way)
10. Etc ...

And as long as the cookie is valid the user has free access to the whole
restricted area. But when the cookie expires due to inactivity, then the
user again is redirected to the login page.

I have done this solution for my Embperl application but have
implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
So the question is, is there a ready framework for doing all this in
Embperl instead?

/Oskar



--
Oskar Ahner
OSZ Open Systems




---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
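
The flow in the numbered list above (idle timeout refreshed on every hit, original URI carried through the login and checked before the redirect), as an added example in plain Perl; it is not Embperl or mod_perl code and not from either poster. The in-memory `%SESSIONS` hash stands in for the session table, and the function names, the `back` parameter and the `/protected/` fallback are assumptions.

```perl
use strict;
use warnings;
my $IDLE_LIMIT = 20 * 60;             # seconds of inactivity allowed
my $LOGIN_URI  = '/login/login.epl';
my $FALLBACK   = '/protected/';       # assumed landing page
my %SESSIONS;   # stand-in for the session table: id => { user, last_seen }

# 128-bit id from the kernel CSPRNG (assumes a Unix-like host).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# Return target must be a plain local path under /protected/; else fall back.
sub safe_return_uri {
    my ($uri) = @_;
    return $FALLBACK unless defined $uri && $uri !~ m{//|\.\.}
        && $uri =~ m{\A/protected/[A-Za-z0-9_./-]*\z};
    return $uri;
}

# Steps 1-3, 7 and 8: gate one request for a protected URI.
sub check_access {
    my ($sid, $uri, $now) = @_;
    my $s = defined $sid ? $SESSIONS{$sid} : undef;
    if ($s && $now - $s->{last_seen} <= $IDLE_LIMIT) {
        $s->{last_seen} = $now;               # sliding expiry
        return (allow => $s->{user});
    }
    delete $SESSIONS{$sid} if defined $sid;   # expire server-side too
    return (redirect => "$LOGIN_URI?back=" . safe_return_uri($uri));
}

# Steps 4, 5 and 9: call only after the credential check (LDAP etc.) passed.
sub login_ok {
    my ($user, $back, $now) = @_;
    my $sid = new_session_id();               # fresh id at every login
    $SESSIONS{$sid} = { user => $user, last_seen => $now };
    return ($sid, safe_return_uri($back));
}

# Constructed walk-through with fixed timestamps (seconds).
my $page = '/protected/greate/stuff.epl';
print join(' ', check_access(undef, $page, 0)), "\n";
my ($sid, $dest) = login_ok('alice', $page, 0);
print join(' ', check_access($sid, $dest, 600)), "\n";
print join(' ', check_access($sid, $dest, 600 + 1201)), "\n";
print "offsite -> ", safe_return_uri('https://elsewhere.example/x'), "\n";
```

When the id returned by `login_ok` is sent as a cookie on this https site, it should carry the `Secure` and `HttpOnly` attributes.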
RE: Authentication & session handling
Hi,

I am not aware of a ready framework. The Embperl web site (which you
can find as an example under eg/web in the Embperl distribution)
implements some of your ideas.

Gerald

------------------------------------------------------------------------
Gerald Richter ECOS electronic communication services GmbH
******************* SECURING YOUR NETWORK ********************

Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de Fax: +49 6133 939-333

Sitz der Gesellschaft: Dienheim; AG Mainz HRB 6889
Geschäftsführer: Wolfgang Heck, Gerald Richter
------------------------------------------------------------------------



> -----Original Message-----
> From: Oskar Ahner [mailto:oskar@osz.nu]
> Sent: Thursday, October 18, 2007 10:24 AM
> To: embperl@perl.apache.org
> Subject: Authentication & session handling
>
> Hi!
>
> I wonder if there is an "out of the box" Embperl solution for
> the common login/authentication/session scenario:
>
> 1. User accesses the web area which is protected and requires
> authentication, i.e.
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 2. The user does not have a valid session cookie
> 3. User gets directed to login page
> https://greatapp.mycompany.com/login/login.epl
> 4. User successfully authenticates in the login form (to LDAP
> for instance, but that should be interchangeable)
> 5. Then an internal redirect is done to the original uri:
> https://greatapp.mycompany.com/protected/greate/stuff.epl
> 6. User is in!
> 7. Every time the user accesses a protected document, the
> timestamp is updated for the session cookie in database.
> 8. If user drinks coffee for 20 minutes and comes back to her
> protected area and does a refresh or something, she will be
> redirected to the login page.
> 9. If the authentication is successful, the user will be
> redirected to the original requested uri. (this means that
> the uri must be saved between requests in some way)
> 10. Etc ...
>
> And as long as the cookie is valid the user has free access to
> the whole restricted area. But when the cookie expires due to
> inactivity, then the user again is redirected to the login page.
>
> I have done this solution for my Embperl application but have
> implemented it in mod_perl with PerlAuthHandler and PerlAuthzHandler.
> So the question is, is there a ready framework for doing all
> this in Embperl instead?
>
> /Oskar
>
>
>
> --
> Oskar Ahner
> OSZ Open Systems