CGISession
view release on metacpan or search on metacpan
Session/blib/man3/CGI::Session.3 view on Meta::CPAN
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.ds oe o\h'-(\w'o'u*4/10)'e
.ds Oe O\h'-(\w'O'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds v \h'-1'\o'\(aa\(ga'
. ds _ \h'-1'^
. ds . \h'-1'.
. ds 3 3
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
. ds oe oe
. ds Oe OE
.\}
.rm #[ #] #H #V #F C
.SH "NAME"
.PP
.Vb 1
\& CGI::Session - CGI cookie authentication against an LDAP database
.Ve
.SH "ABSTRACT"
.PP
.Vb 3
\& Provides a simple API authenticate users against an LDAP server, and then
\& to cache this authentication information between invokations of CGI scripts
\& without sending passwords subsequent to login.
.Ve
.Vb 4
\& The state information is maintained in a combination of a cookie, a database,
\& and a magic passkey which is sent in the contents of the web page. Acquiring
\& the login thus requires stealing both the cookie and a current copy of the
\& web page.
.Ve
.Vb 2
\& CGI::Session also contains a subclass of CGI which transparently injects
\& the passkey into forms. It is strongly suggested that you use this class.
.Ve
.SH "SYNOPSIS"
.Sh "Setting Things Up"
use \s-1CGI::\s0Session;
use \s-1CGI\s0;
.PP
.Vb 3
\& my $cgi = new CGI::Session::CGI;
\& my $session = new CGI::Session( $cgi );
\& $cgi->session( $session );
.Ve
.Vb 8
\& my $session_store = new CGI::Session::CookieJar::DBI;
\& $session_store->set( -cookie_name=>'cookie_name',
\& -username=>'myuser',
\& -password=>'kjsdfdf',
\& -host=>'dbhost',
\& -database=>'mydb',
\& -cookie_table=>'cookiejar' );
\& $session->set( -cookie_jar => $session_store );
.Ve
.Vb 8
\& $session->auth_servers(
\& [ new CGI::Session::LDAPServer(
\& 'ldap.server.my.domain', # host
\& 389, # port
\& 'ou=my,ou=domain', # root
\& 'ou=people,ou=my,ou=domain' # base
\& 'uid=$username,ou=people,ou=my,ou=domain' # bind
\& ) ] );
.Ve
.Vb 1
\& $session->open;
.Ve
.Sh "Performing the Initial Login"
.PP
.Vb 2
\& my $action = $cgi->param('action');
\& my $passkey = $cgi->param('passkey');
.Ve
.Vb 8
\& if ( defined $action and $action eq 'Log In' )
\& {
\& my $username = $cgi->param('username');
\& my $password = $cgi->param('password');
\& if ( $session->authenticated( $username, $password ) )
\& {
\& $session->set_passkey( $user );
\& $session->set_login_cookie( $user );
.Ve
.Vb 5
\& # Notice that we use $session->header and not $cgi->header
\& #
\& print $session->header();
\& print $cgi->start_html( 'Login Succeeded' );
\& ...
.Ve
.Vb 4
\& # The passkey is sent via the cgi wrapper.
( run in 1.701 second using v1.01-cache-2.11-cpan-5a3173703d6 )