There's a few different ways to track user
sessions, so you'll need to assess exactly which
one is best for your needs. This is covered by an
entire chapter in O'Reilly's Writing Apache Modules
in Perl and C. I'll recap a few of the methods that
don't absolutely require mod_perl.
Hidden tags - Each page is
generated via a script of some type. Store the
userid and such in hidden input tags of a form.
This method generally only works with a linear
flow of pages.
Cookies - This is probably
the quickest and easiest to implement based on
what you are asking for. Once they login, set a
session-based cookie (goes away when they close
their browser) that marks them as logged in. Of
course, if someone has cookies turned off, this
one isn't going to work.
Database - Store whether they
are currently logged in with a database. You have
to combine this with one of the above methods to
keep track of a session ID. You can also keep
track of the session ID in a query string on the
end of your URLs.
| [reply] |
To really protect those documents, you'll probably
need to basically re-authorize the user on each
request. You can either roll your own
authentication, or you can use the HTTP basic
authentication scheme.
If you choose the former, you'll probably want to
have a login screen; then authenticate the user,
set a cookie, and let the user view the documents.
On each request for a document, check for the
authentication cookie: if it exists, let the user
view the doc; if it doesn't exist, make the user
log in again.
If you choose to go with basic authentication,
you'll want to authenticate out of your database,
since you already have the username/password
info in there. Check out Apache::AuthDBI (on
CPAN) for doing basic authentication out of
a database for which you have a DBI driver. | [reply] |
here's a solution based on CGI::Session module | [reply] |