The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
 / 
AxKit-XSP-BasicSession-0.22
River stage zero No dependents
++
/ AxKit::XSP::BasicAuth

NAME

AxKit::XSP::BasicAuth - Tag library for basic cookie-based authentication.

SYNOPSIS

Add the session: namespace to your XSP <xsp:page> tag:

    <xsp:page
         language="Perl"
         xmlns:xsp="http://apache.org/xsp/core/v1"
         xmlns:auth="http://www.nichework.com/2003/XSP/BasicAuth"
         xmlns:session="http://www.axkit.org/2002/XSP/BasicSession">

And add this taglib to AxKit (via httpd.conf or .htaccess):

    SetHandler AxKit
    PerlModule Apache::AxKit::Plugin::BasicAuth

    <Location />
      AuthType Apache::AxKit::Plugin::BasicAuth
      AuthName BasicSession
    </Location>
    <Location /style>
      require valid-user
    </Location>

    # Session Management
    AxAddPlugin Apache::AxKit::Plugin::BasicSession
    PerlSetVar BasicSessionDataStore DB_File
    PerlSetVar BasicSessionArgs      "FileName => /tmp/session"

    AxAddPlugin Apache::AxKit::Plugin::BasicSession
    AxAddPlugin Apache::AxKit::Plugin::AddXSLParams::BasicSession

    # Authentication
    PerlSetVar BasicSessionLoginScript /login

DESCRIPTION

This taglib provides simple form-and-cookie based authentication using Apache::Session and Apache::AuthCookie.

In the tag reference below, AuthNameToken designates the name given for AuthName.

Tag Reference

<auth:login>

Attempt to log the user in.

Typically, the page you set in AuthNameTokenLoginScript is an XSP page that uses a form built with PerForm to check the user. After verifying the identity of the user (e.g. in start_submit), you will have use this tag tell BasicAuth that the user is authenticated and that the username/password information should be stored in the session.

In constructing your form, it is important to understand that BasicAuth is expecting your username to be in a form field called credential_0. That is the only required form field name, but if other fields are named in the credential_? format, the will be stored in the session information as well. This allows you to store the plaintext user password in credential_1 if you need access to it (among other things).

<auth:logout>

Log the user out. This is done by removing any keys that match the credential_\d+ regular expression from the session information.

<auth:get-username>

Returns the username that was used to log in.

<auth:is-logged-in>

Returns true if the page if the session contains a logged in user.

AUTHOR

Mark A. Hershberger, mah@everybody.org

COPYRIGHT

Copyright (c) 2003 Mark A. Hershberger. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

AxKit, Apache::Session, AxKit::XSP::Session, AxKit::XSP::BasicSession

Cocoon2 Session Taglib (http://xml.apache.org/cocoon2/userdocs/xsp/session.html)