Martin A has asked for the wisdom of the Perl Monks concerning the following question:

I am currently working on a web site which needs login functionality.

Which is the smartest way of doing this?
How does the perlmonks.org handle this?

Some of my thoughts have been to be giving the user a session id as a cookie and let the server remember that the user is loged in, or setting the username and password as a cookie on the users computer and let the server read that and log him/her in to every page that are being accessed.

Maybe there are other solutions to this, if so please tell me.


// Martin

Replies are listed 'Best First'.
Re: Login solutions.
by ColtsFoot (Chaplain) on Aug 03, 2000 at 16:15 UTC
    If all that you require is to be able to identify the user then what I do
    is get the user to register with theie email address, generate a password for
    them and store this information, which can be encrypted, in a database. Then I
    email the user with their password. When they login I just verify the password
    supplied with the one from the database.

    If you want the user to be able to log in and out, and you want to be able to
    recognise this on every page then cookies would seem to be the answer.

[reply]
Re: Login solutions.
by c-era (Curate) on Aug 03, 2000 at 16:56 UTC
    Using a session ID cookie is probably the best idea. The user only has to send their username and password once to you. It is also faster to lookup a number instead of a user name and then verifying the password.
[reply]
RE: Login solutions.
by Jonathan (Curate) on Aug 04, 2000 at 14:04 UTC
    Of course theres more than one way to do. If you are using Apache then I like mod_perl and the Apache API to request http authentication and then perform validation against a database (using the DBI of course :-). Of course if you don't want users having to log in each session then cookies are a sound method.
    Lincoln Stein's and Doug MacEachern book 'writing Apache Modules with Perl and C' has an excellent section on different authorisation schemes.
[reply]
(crazyinsomniac) Re: Login solutions.
by crazyinsomniac (Prior) on Aug 04, 2000 at 12:32 UTC
    Session ID Cookie or a Session ID Hidden Form Field. 
    <FORM NAME='FOO' ACTION='/cgi-bin/fetch.cgi' METHOD='post'>
<INPUT TYPE='hidden' NAME='SecretSessionID' VALUE='3047@hot090@j'>
<INPUT TYPE='hidden' NAME='place2go' VALUE=''>
</FORM>

    [download]
    Use a javascript function to submit the form to your fetch.cgi.
    In your cgi parse the form, check the 'SecretSessionID' against the one in your database, and then fetch the 'place2go'.
    If i were you, upon login, i would dynamically generate the SecretSessionID which would a mix of the ip/time/email and would expire after 1 hour. 
    function fetch(astring)
{
  document.forms.foo.place2go.value=astring;
  document.forms.foo.submit();
}
For links use "<a href='javascript:fetch('filename.html');'>foo2</a>

    [download]
     ______________________________________________
|_____¸.·ooO--(> cRaZy is co01. <)--Ooo·.¸_____|
 ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom