
How can I authenticate HTTP sessions?

by rodry (Beadle)
on Apr 12, 2000 at 09:37 UTC


I have a database that has login information (such as username and password) that is used to allow the user to get to some pages and documents that are otherwise restricted. How do I make sure that these documents are not accessed in any way other than the login screen? I know this has to do with managing user sessions. Please point me to any related literature.

Answer: How can I authenticate HTTP sessions ?
contributed by comatose

There are a few different ways to track user sessions, so you'll need to assess exactly which one is best for your needs. This is covered by an entire chapter in O'Reilly's Writing Apache Modules in Perl and C. I'll recap a few of the methods that don't absolutely require mod_perl.

Hidden tags - Each page is generated via a script of some type. Store the userid and such in hidden input tags of a form. This method generally only works with a linear flow of pages.

Cookies - This is probably the quickest and easiest to implement based on what you are asking for. Once they log in, set a session-based cookie (goes away when they close their browser) that marks them as logged in. Of course, if someone has cookies turned off, this one isn't going to work.

Database - Store whether they are currently logged in with a database. You have to combine this with one of the above methods to keep track of a session ID. You can also keep track of the session ID in a query string on the end of your URLs.

Answer: How can I authenticate HTTP sessions ?
contributed by btrott

To really protect those documents, you'll probably need to basically re-authorize the user on each request. You can either roll your own authentication, or you can use the HTTP basic authentication scheme.

If you choose the former, you'll probably want to have a login screen; then authenticate the user, set a cookie, and let the user view the documents. On each request for a document, check for the authentication cookie: if it exists, let the user view the doc; if it doesn't exist, make the user log in again.

If you choose to go with basic authentication, you'll want to authenticate out of your database, since you already have the username/password info in there. Check out Apache::AuthDBI (on CPAN) for doing basic authentication out of a database for which you have a DBI driver.
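
The per-request cookie check described in the answers above, as an added example that is not part of the original posts: the cookie carries the user name, an expiry time and an HMAC, so the server verifies the cookie's value on every request instead of only testing that a cookie exists. The names `issue_token` and `check_token`, the secret and the 30-minute lifetime are assumptions made for this sketch; only core Perl modules are used.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret read from protected config, never sent to the client.
my $SECRET = 'constructed-demo-secret';
my $TTL    = 1800;    # session lifetime in seconds (assumed value)

# Call once the username/password have been checked against the database.
# The returned string is the value of the session cookie.
sub issue_token {
    my ($user, $now) = @_;
    die "unsupported user name\n" unless $user =~ /\A[\w.-]+\z/;   # no '|' allowed
    my $payload = join '|', $user, $now + $TTL;
    return join '|', $payload, hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Run on every request for a protected document.
# Returns the user name, or nothing if the cookie is missing, altered or expired.
sub check_token {
    my ($token, $now) = @_;
    return unless defined $token;
    my @f = split /\|/, $token, -1;
    return unless @f == 3 && $f[1] =~ /\A\d+\z/;
    my ($user, $expires, $mac) = @f;
    return unless secure_eq($mac, hmac_sha256_hex("$user|$expires", $SECRET));
    return unless $now < $expires;
    return $user;
}

# Constructed sample run: a valid cookie, an edited one, and an expired one.
my $now   = time;
my $token = issue_token('alice', $now);
(my $edited = $token) =~ s/\Aalice/admin/;
print "valid:   ", (check_token($token,  $now)            // 'DENY'), "\n";
print "edited:  ", (check_token($edited, $now)            // 'DENY'), "\n";
print "expired: ", (check_token($token,  $now + $TTL + 1) // 'DENY'), "\n";
```

A failed check is the point at which the script would send the user back to the login screen instead of serving the document.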

Answer: How can I authenticate HTTP sessions ?
contributed by mezhaka

Here's a solution based on the CGI::Session module
