use MyLibrary::Auth; # create a new authentication object my $auth = MyLibrary::Auth->new(); my $auth = MyLibrary::Auth->new(sessid => $sessid); # access session attributes my $sessid = $auth->sessid(); my $status = $auth->status(); my $username = $auth->username(); # place session cookie $auth->place_cookie(); # remove session cookie $auth->remove_cookie(); # close a session $auth->close_session();
This is the user authentication system for MyLibrary. The parent module, Auth.pm, references several child modules that implement various types of authentication methods. The functionality associated with creating an authentication object and then performing auth functions against it is uniform for each type of authentication. This module encapsulates data somewhat tightly in order to protect the privacy and security of the user. This module assumes authentication through a web browser, however, the module could also be used for simple authentication in almost any context.
This system uses CGI sessions to maintain state. Several pieces of data are stored in the session ticket. Except for Basic authentication, the password for the user is never recorded. If this module is used for web authentication, then HTTPS should also be used for encryption. This authentication system is designed to be extensible. Several modules will be written that inherit from this parent class. Child classes include Kerberos, Basic and LDAPS as various means to perform authentication. However, the system can easily be extended to include other authentication means.
This is the constructor for the class. It creates an object with a default set of attributes if no session id is supplied, and initializes the attributes according to session data previously saved if a session id is supplied. This object uses encapsulated data, so the only means to manipulate session variables is via the supplied API. This is done for security reasons and to help maintain data integrity.
# create a new auth object my $auth = MyLibrary::Auth->new(); # create an auth object based upon session id my $auth = MyLibrary::Auth->new(sessid => $sessid);
Get the session id for the current auth object. This method cannot set the session id, only retrieve it.
# get the session id my $sessid = $auth->sessid();
Retrieve the status for this session. There are several status indicators based upon whether or not the user was able to successfully authenticate or is in the process of authentication. The state of authentication status can only be changed internal to the object itself.
# status info my $status = $auth->status();
The username is the name entered for authentication purposes and is retained throughout the life of the session. This is used to identify who the last person was to authenticate from the host where authentication was initiated.
# username my $username = $auth->username();
This method will return a header used to place a cookie with the browser initiating the authentication request.
# place a cookie my $place_cookie_header = $auth->place_cookie();
This method return a header that will delete a cookie from the browser for the current session. This usually occurs when the user indicate that they would like their session terminated.
# delete a cookie my $remove_cookie_header = $auth->remove_cookie();
This method will delete the session object from the database, and it will no longer be accessible using the session id.
# close the session $auth->close_session()
For more information, see the MyLibrary home page: http://dewey.library.nd.edu/mylibrary/.
Robert Fox <email@example.com>