UserSessionCookie(3)  User Contributed Perl Documentation UserSessionCookie(3)

       Maypole::Authentication::UserSessionCookie - Track sessions and,
       optionally, users

         use base qw(Apache::MVC Maypole::Authentication::UserSessionCookie);

           sub authenticate {
               my ($self, $r) = @_;
               # A user is already attached to this request: let it through.
               return OK if $r->{user};
               # Allow anonymous access to the sign-up action only.
               return OK if $r->{table} eq "user" and $r->{action} eq "subscribe";
               # Force them to the login page.
               $r->{template} = "login";
               return OK;
           }

       This module allows Maypole applications to have the concept of a user,
       and to track that user using cookies and sessions.

       It provides a number of methods to be inherited by a Maypole class. The
       first is "get_user", which tries to populate the "user" slot of the
       Maypole request object.


       "get_user" does this first by checking for a session cookie from the
       user's browser, and if one is not found, calling "check_credentials",
       whose behaviour will be described momentarily. If a session cookie is
       found, the userid ("uid") is extracted and passed to "uid_to_user",
       which is expected to return a value (typically a "User" object from the
       model class representing the users of your system) to be stored in the
       "user" slot. The session hash is also placed in the "session" slot of
       the Maypole request for passing around user-specific session data.

       This method is useful for the situation in which you've just created a
       user from scratch, and want them to be logged in. You should pass in
       the user ID of the user you want to log in.

       The "check_credentials" method is expected to be overridden, but the
       default implementation does what most people expect: it checks for the
       two form parameters (typically "user" and "password" but configurable)
       and does a "search" on the user class for those values. See
       "Configuration" for how the user class is determined. This method works
       well if the model class is "Class::DBI"-based and may not work so well

       "check_credentials" is expected to return two values: the first will be
       placed in the "uid" slot of the session, the second is the user object
       to be placed in "$r->{user}".

       If the credentials are wrong, then "$r->{template_args}{login_error}"
       is set to an error string.
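
       An added example, not part of the original manual page or the module's
       own code: a "check_credentials" override that looks the user up by name
       and verifies a crypt(3) hash, instead of searching on a stored plaintext
       password. My::User, My::App, the sample row and reading form parameters
       from "$r->{params}" are assumptions made for illustration, as is
       crypt(3) support for the "$6$" scheme on the host.

```perl
use strict;
use warnings;

# Constructed stand-in for a Class::DBI user class. The "password" column
# holds a crypt(3) hash (SHA-512 scheme assumed available), never plaintext.
package My::User;
my %ROWS = (alice => { id => 7, user => 'alice',
    password => crypt('correct horse', '$6$constructedsalt$') });
sub search {
    my ($class, %where) = @_;
    my $row = $ROWS{ $where{user} // '' };
    return $row ? bless({%$row}, $class) : ();
}
sub id       { $_[0]{id} }
sub password { $_[0]{password} }

# Hypothetical application class; a real one would also
# "use base qw(Apache::MVC Maypole::Authentication::UserSessionCookie)".
package My::App;
my $DUMMY = crypt('placeholder', '$6$constructeddummy$');
sub config { return { auth => { user_class => 'My::User' } } }

sub check_credentials {
    my $r      = shift;
    my $auth   = $r->config->{auth};
    my $ufield = $auth->{user_field}     || 'user';
    my $pfield = $auth->{password_field} || 'password';
    # Assumption: form parameters are in $r->{params}.
    my ($name, $pw) = @{ $r->{params} || {} }{ $ufield, $pfield };
    return unless defined $name and defined $pw;
    # Look the user up by name only, then verify the hash in Perl.
    my ($user) = $auth->{user_class}->search($ufield => $name);
    # Unknown users are checked against a dummy hash so both paths do the same work.
    my $stored = $user ? $user->$pfield : $DUMMY;
    utf8::encode(my $bytes = $pw);          # crypt() dies on wide characters
    my $got = crypt($bytes, $stored);       # reuses the scheme and salt in $stored
    unless ($user and defined $got and $got eq $stored) {
        $r->{template_args}{login_error} = "Bad username or password";
        return;
    }
    return ($user->id, $user);              # (uid for the session, user object)
}

package main;
for my $try (['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']) {
    my $r = bless { params => { user => $try->[0], password => $try->[1] } }, 'My::App';
    my ($uid) = $r->check_credentials;
    printf "%-8s => %s\n", $try->[0],
        defined $uid ? "uid $uid" : "rejected ($r->{template_args}{login_error})";
}
```

       The same error string is returned for an unknown user and for a wrong
       password, so the login form does not reveal which usernames exist.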

       By default, this returns the result of a "retrieve" on the UID from the
       user class. Again, see "Configuration".

       This method removes a user's session from the store and issues him a
       cookie which expires the old cookie.

Session tracking without user authentication
       For some applications you may be interested in tracking sessions without
       forcing users to log in. The way to do this would be to override
       "check_credentials" to always return a new ID and an entry into some
       shared storage, and "uid_to_user" to look the user up in that shared

       The class provides sensible defaults for all that it does, but you can
       change its operation through Maypole configuration parameters.

       First, the session data. This is retrieved as follows. The Maypole
       configuration parameter "{auth}{session_class}" is used as a class to
       tie the session hash, and this defaults to "Apache::Session::File". The
       parameters to the tie are the session ID and the value of the
       "{auth}{session_args}" configuration parameter. This defaults to:

	   { Directory => "/tmp/sessions", LockDirectory => "/tmp/sessionlock" }

       For instance, you might instead want to say:

           $r->config->{auth} = {
               # Tie the session hash to Apache::Session::Flex instead of the default.
               session_class => "Apache::Session::Flex",
               session_args  => {
                   Store     => 'DB_File',
                   Lock      => 'Null',
                   Generate  => 'MD5',
                   Serialize => 'Storable'
               }
           };

       The cookie name is retrieved from "{auth}{cookie_name}" but defaults to
       "sessionid". It defaults to expiry at the end of the session, and this
       can be set in "{auth}{cookie_expiry}".

       The user class is determined by "{auth}{user_class}" in the
       configuration, but attempts to guess the right user class for your
       application otherwise. Probably best not to depend on that working.

       The field in the user class which holds the username is stored in
       "{auth}{user_field}", defaulting to "user"; similarly, the
       "{auth}{password_field}" defaults to password.

       Simon Cozens, ""

       This may be distributed and modified under the same terms as Maypole


perl v5.32.0			  2020-08-10		  UserSessionCookie(3)
