AxKit session plugin and automatic login

Hello.

I'm new to this list (hello) and fairly new in my job, which
I took over 
from a regular poster to this list. I've found my way around
AxKit pretty 
well, but now I want to make some big changes to the website
and I'm 
getting a bit stuck. Perhaps just stuck in my own thoughts,
but still, you 
might be able to help me. 

The website currently logs users off after 30 minutes of
inactivity and if 
they come back after that, they need to log in again. We
want to make them 
log in automatically upon returning (if they have agreed to
that, of 
course). Now it's not very hard to do that, but I want this
to be done 
_before_ the server decides whether the user has access to
the page at 
all.
We use the Apache::AxKit::Plugin::Session plugin to decide
which users can 
see which pages. I would like it to be so that users that
use a direct 
link/bookmark to a 'restricted' page to which they have
access to, the 
server would log them in, recognize they do have access to
the page they 
try to view, process the page and return it to the user('s
browser).

Would something like this be possible?

(An alternative -that I just thought of while typing this-
would be the 
following sequence: 'anonymous' user tries to access
restricted page -> 
redirected to general login page -> user is logged in
there (by server) -> 
appears to have access after all -> is redirected back to
original page. 
Any thoughts on this? It seems a bit complicated and -if for
some reason 
the automatic login fails- the risk of the user ending up in
an infinite 
loop seems likely.)

Thanks. (And sorry if this is a silly question/not very
on-topic.)

Martijn

-- 
Martijn Grooten
Web Developer
 
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP,
England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.

martijn.grootenvirusbtn.com wrote:
> Hello.
> 
> I'm new to this list (hello) and fairly new in my job,
which I took over 
> from a regular poster to this list. I've found my way
around AxKit pretty 
> well, but now I want to make some big changes to the
website and I'm 
> getting a bit stuck. Perhaps just stuck in my own
thoughts, but still, you 
> might be able to help me. 
> 
> The website currently logs users off after 30 minutes
of inactivity and if 
> they come back after that, they need to log in again.
We want to make them 
> log in automatically upon returning (if they have
agreed to that, of 
> course). Now it's not very hard to do that, but I want
this to be done 
> _before_ the server decides whether the user has access
to the page at 
> all.
> We use the Apache::AxKit::Plugin::Session plugin to
decide which users can 
> see which pages. I would like it to be so that users
that use a direct 
> link/bookmark to a 'restricted' page to which they have
access to, the 
> server would log them in, recognize they do have access
to the page they 
> try to view, process the page and return it to the
user('s browser).
> 
> Would something like this be possible?

Yes, but I honestly think you'll have to drop out of
A:A:P::Session to 
do it. Write your own cookie handler (it's not hard) in
basic mod_perl, 
and use that up front of AxKit to determine all this stuff.
You then 
have full control and aren't giving anything up to a
pre-built framework 
that has pre-conceived ideas about how expiration should
work.

When I write stuff like this I usually consult Doug
MacEachern's book - 
Writing Apache Modules in Perl and C. It has some very
copyable code for 
setting/getting cookies for session data.

Matt.

------------------------------------------------------------
---------
To unsubscribe, e-mail: axkit-users-unsubscribeaxkit.org
For additional commands, e-mail: axkit-users-helpaxkit.org