tamilthambi2 has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I want to have authentication for my website using cgi/perl. Can anybody suggest a session based multiple user authentication without using .htaccess. It would be good if there are some Links to documentation Thanks in advance

Replies are listed 'Best First'.
Re: Authentication Suggestion in CGI
by davido (Cardinal) on Feb 05, 2005 at 05:10 UTC

    You're probably looking for CGI::Session to handle your sessions for you. You can also look at CGI::Session::Tutorial and CGI::Session::Cookbook. Therein you'll find the answers. In particular, there is a pretty in-depth discussion in the cookbook docs that explains how to handle logins, logins to private areas, etc. :)


    Dave

[reply]
Re: Authentication Suggestion in CGI
by Zaxo (Archbishop) on Feb 05, 2005 at 05:27 UTC

    What's wrong with .htaccess? Sessions and authentication are two different problems. Apache server authentication is fine, no need to use perl for that unless you are writing Apache modules in perl.

    If you mean you don't want to keep rewriting .htaccess for each signup, you need to look at group authenticatiom. Again, see the Apache manual.

    After Compline,
    Zaxo

[reply]

      Two things come to mind:

      1. The client doesn't want to have a pop-up dialog box for user login
      2. You need to customize the authentication to use a database and are not running mod_perl (which eliminates many of the fine modules available on CPAN)

          3. William

[reply]
Re: Authentication Suggestion in CGI
by FitTrend (Pilgrim) on Feb 05, 2005 at 18:39 UTC

    If you want a method that utilizes cookies that doesn't use any perl modules (although I recommend using modules), you can use this:

    sub cookieRead {
    local(@rawCookies) = split (/; /,$ENV{'HTTP_COOKIE'});

    foreach (@rawCookies) {
        ($key, $val) = split (/=/, $_);
        $cookie{$key} = $val;
    }
}
sub cookieWrite {
    local($name, $value, $expiration, $path, $domain, $secure) = @_;

    print "Set-Cookie: ";
    print ($name, "=", $value, "; path=", $path, "; domain=", $domain,
+ "; ", $secure, "\n");
}

    [download]

    Here is the code I use to write cookie information:

    &cookieWrite("session", "$userName::$Password", "$expDate", "/cgi-bin/
+", "fittrend.com");

    [download]

    Here is the code I use to read cookie information

    &cookieRead;
($cookie{'user'}, $cookie{'pass'}) = split (/::/, $cookie{'session'});

&loadUserSession($cookie{'user'});

    [download]

    a couple of things to point out:

    1. If the user name or password contains a :: then this code could potentially break.

    2. I recommend that you encrypt this information for security reasons. Using Crypt or another modules on cpan. Lastly, if you have a large amount of data, it won't fit on a single variable in the cookie. I just needed mine to track user name and password so I can use other code to load the entire user's profile from a MySQL back-end.

    At the time, I was having problems with multiple variables in a cookie, so I simply delimited it. If I spent more time on it, I'd probably fix it.

    Hope this helps
    -Marc

[reply]
[d/l]
[select]
Re: Authentication Suggestion in CGI
by holli (Abbot) on Feb 05, 2005 at 07:31 UTC
    I am surprised nobody mentioned it yet. There is a lot of code at CPAN for authentication.

    holli, regexed monk
[reply]

Back to Seekers of Perl Wisdom