jgallagher has asked for the wisdom of the Perl Monks concerning the following question:

In the fairly near future, my workplace will begin hosting its own web site (nothing mission critical, and we have a half T1 with practically unused upstream), and I, as the resident web programmer, have pretty much total control over everything. How nice is that? I've written a couple of applications using PHP, mainly due to the restrictiveness of our host, but most/all future projects are going to be in Perl. The one I'm planning right now will make use of the following: I'm thinking I'm 90% done with my entire app already. :-) The only issue (hah! the only issue I foresee at the moment, perhaps) is how to handle user authentication. I rolled my own in PHP, and it wouldn't be a huge deal to do the same thing in Perl, but I would prefer to do it at the webserver level. I've looked at Apache::AuthCookie and Apache::AuthCookieURL, but I haven't found a good example of how to tie these in with everything I listed above (esp. with Apache::Session - do they use the same session keys? different? which gets set first? etc.). Can anyone point me in the right direction?

Replies are listed 'Best First'.
Re: Webserver level authentication?
by perrin (Chancellor) on Apr 30, 2003 at 05:22 UTC
    Apache::Session normally generates its own keys, but you can make it take one you generate by writing your own Apache::Sessiom::Generate class. See also Apache::SessionX and Apache::SessionManager.
[reply]
Re: Webserver level authentication?
by UnderMine (Friar) on Apr 30, 2003 at 10:32 UTC
    If you are happy hand rolling but want to do this at the web server level then investigate PerlTransHandler's these can be used to impliment global pre-processing in modPerl.

    Example :- http://perl.apache.org/start/tips/favicon.html

    Hope this Helps
    UnderMine

[reply]
Re: Webserver level authentication?
by nite_man (Deacon) on Apr 30, 2003 at 09:24 UTC
    I would like to suggest you use Embperl for embedding Perl code into your html pages. This tool includes the means for session handling, Form validation, Access to the databases and many another usefull options.
    Another tool which is more powerfull and flexible, is Mason. Mason is good choise for development of complicated projects. 
          
--------------------------------
SV* sv_bless(SV* sv, HV* stash);
[reply]

      I'm going to strongly disagree. Embedding code into your formatting is wrong and grossly unmaintable. And it makes writting a 'Web application' more like writting a series of web pages that don't often interact well.

      The original poster is on the right track by using a templating system. It allows for a single program to output the correct code based on its input. I have a feeling that its faster than EmbedPerl or Mason as well.

      To answer the poster's question about sessions, I usually roll my own for flexability purposes. I use MySQL's MD5 function and random data to create keys and just send cookies to the user's browser. I typically create a 'login' module that checks for sessions or displays a User/Pass form. md5_hex() from the Digest::MD5 module can also be used in place of MySQL.

      Lobster Aliens Are attacking the world!
[reply]
      Why would you do that?

      You don't see me plugging Everything or Bricolage, or any of a doze other comparable systems. There have been a dozen nodes about which system is better, and why who likes what ... Why not just stick to the question asked?

      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

[reply]
Re: Webserver level authentication?
by PodMaster (Abbot) on Apr 30, 2003 at 22:32 UTC
    Hi, i'd like to point out that you can eliminate CGI::Application and Apache::Session by using CGIS::Application ;D It's CGI::Session enabled CGI::Application.

    As for webserver level authentication, google for something like mod_perl htaccess database, and look into PerlAccessHandlers -- this article by merlyn seems to be close enough, you could probably get it staright from merlyn's website as well.

    MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
    I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
    ** The Third rule of perl club is a statement of fact: pod is sexy.

[reply]
Re: Webserver level authentication?
by Notromda (Pilgrim) on Apr 30, 2003 at 22:53 UTC
    I have had lots of fun with Apache::ASP. Not it's not VB, it's perl! It automatically takes care of sessions, and when a session starts, you can authenticate by whatever means, and then store a session variable to indicate the user is authenticated. On every page load, check for that variable, and redirect to a login page if it doesn't exist. The session stuff also helps tremendously with the total application.
[reply]

Back to Seekers of Perl Wisdom