Apache-SecSess


SecSess.pm  view on Meta::CPAN

		return {
			message => "Expired, redirecting '$uid' to '$uri?type=expire'.",
			uri => "$uri?type=expire"
		};
	}
	if ($t > $ts + 60*($idle+$renew)) { # idle timeout
		$uri = $self->timeoutURL;
		return {
			message => "Cookie idle too long '$uid'.",
			uri => "$uri?type=idle"
		};
	}
	if ($t > $ts + 60*$renew) { # renew
		$uri = $self->renewURL;
		$requri = $self->requested_uri($r);
		return {
			message => "Renewing credentials for user '$uid'.",
			renew => 'true',
			uri => "$uri?url=$requri"
		};
	}

	return undef;
}

## get requirements
sub getRequirements {
	# Return the access requirements attached to the request.
	#
	#   $request - request object; only its requires() method is used.
	#
	# The value comes straight from $request->requires, called in the
	# caller's context (scalar or list), with no filtering or copying.
	my ($self, $request) = @_;
	return $request->requires;
}

## authorize request
sub authorizeRequest {
	# Authorization hook.
	#
	#   $r   - request object (not inspected here)
	#   $req - requirements for the request (not inspected here)
	#
	# This implementation looks at neither argument and always returns
	# undef.
	#
	# NOTE(review): the timeout check just above this sub returns undef
	# when it has nothing to report, so undef here presumably means
	# "authorized" -- i.e. this default permits every request.  Confirm
	# that each subclass in use overrides this method wherever the
	# configured requirements must actually be enforced.
	my ($self, $r, $req) = @_;

	return undef;
}

#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# 		Utilities
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
#

## extract the requested URI as base64 wrapped
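sub requested_uri {
	# Return the originally requested URI in wrapped (URL-safe base64)
	# form.
	#
	#   $r - request object; its args() are read, and it is handed to
	#        Apache::URI->parse when the current URI has to be wrapped.
	#
	# If the request carries a 'url' argument consisting solely of
	# characters that wrap_uri() can emit, that value is returned as is
	# (it is taken to be an already wrapped URI).  In every other case
	# the URI of the current request is wrapped and returned.
	my $self = shift;
	my($r) = @_;
	my($u, %args, $requrl);

	%args = $r->args;
	$requrl = $args{url};

	# The 'url' argument is supplied by the client, and the renew check
	# in this file interpolates the value returned here into the 'uri'
	# it hands back ("$uri?url=$requri").  Accept it only when it is
	# limited to the wrapped alphabet [A-Za-z0-9._-], so that '&', '#',
	# whitespace or line breaks cannot be carried into that URI.
	#
	# NOTE(review): this checks the shape of the value only.  Base64 is
	# an encoding, not an integrity check, so whatever later unwraps the
	# value still has to validate the decoded destination before
	# redirecting to it.
	unless ($requrl && $requrl =~ /\A[A-Za-z0-9._-]+\z/) {
		$u = Apache::URI->parse($r);
		$requrl = $self->wrap_uri($u->unparse);
	}
	return $requrl;
}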

## (un)wrap a URI, with more armor than Apache::Util::escape_uri
sub wrap_uri {
	# Encode a URI so it can travel as a single query-string value.
	#
	#   $u - the URI text to wrap
	#
	# The text is base64 encoded without line breaks, then the three
	# base64 characters that are awkward inside a URI are swapped:
	#   '+' -> '-',  '/' -> '.',  '=' -> '_'
	# The result therefore contains only [A-Za-z0-9._-].
	#
	# This is armor for transport only: it is reversible by anyone and
	# carries no signature, so the wrapped value must not be treated as
	# proof that this server produced it.
	my ($self, $plain) = @_;
	(my $armored = encode_base64($plain, '')) =~ tr{+/=}{-._};
	return $armored;
}
sub unwrap_uri {
	# Reverse wrap_uri(): restore the base64 alphabet and decode.
	#
	#   $u - wrapped text
	#
	# The character swap is undone ('-' -> '+', '.' -> '/', '_' -> '=')
	# and the result is passed to decode_base64, whose return value is
	# handed back unchanged.
	#
	# NOTE(review): nothing here checks that the input was produced by
	# wrap_uri(), and MIME::Base64's decoder skips characters outside
	# the base64 alphabet rather than failing.  Callers that act on the
	# decoded URI (for example by redirecting to it) need to validate it
	# themselves.
	my ($self, $wrapped) = @_;
	(my $b64 = $wrapped) =~ tr{\-._}{+/=};
	return decode_base64($b64);
}

1;

__END__

#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# 		Man Page
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
#

=head1 NAME

Apache::SecSess - Secure Apache session management library

=head1 SYNOPSIS

  In startup.pl,

    $My::obj = Apache::SecSess::Cookie::X509->new(...)

  In httpd.conf,

    <Location /protected>
      PerlAuthenHandler $My::obj->authen
      ...
    </Location>

  See section EXAMPLE below for more details.

=head1 DESCRIPTION

This package is a software library for managing HTTP and HTTPS 
session security within the Apache mod_perl framework.  It offers the 
flexibility to securely configure distributed web services, across 
multiple hosts and domains, consistent with a common security policy.

In a complex environment, there could be several Perl objects whose 
methods are specific Apache phase handlers designed to manage a user's 
session lifecycle, including: initiating, renewing and terminating the
session.  Each of these objects is an instance of a subclass of 
Apache::SecSess, and each subclass implements one particular security paradigm.

=head1 CLASS HIERARCHY

Below is a diagram of the class hierarchy


