[cgiapp] Authentication for AJAX?

Brad Van Sickle bvs7085 at gmail.com
Wed May 18 09:17:38 EDT 2016


I might be misunderstanding your problem... but why can't you use the 
CGI::App framework for this?  An AJAX request is still a request after 
all.  The way I've handled this in the past is to authenticate the 
session in the prerun hook and if it fails, divert them to a different 
runmode other than the one in the request that simply returns the 
authorization failure message.


On 5/17/2016 6:11 PM, jerry wrote:
> Hello All,
>
>      I have been using CGI::Application to run my homebrew LAMP tools for
> several years.  Now, I am starting to move away from a pure CGI
> environment to a bit of AJAX.  But I don't want to abandon CGIAPP - I
> have a large investment in server-side code that uses it.
>
>      Getting into "a bit of ajax", I have a need to verify login status
> for AJAX requests.  The current login for the CGI stuff is my file
> called "login.pm", that says "use base CGI::Application".  It also uses
> the Session and Authentication plugins.  I am using an SQL store for
> the session data.
>
>      It's possible ( and bad! ) for an AJAX request to come in from a
> station that no longer has a current session - because it has timed out.
> I need to verify that the station sending the request is currently
> logged in, and that the user has sufficient permission to perform the
> action.
>
>     My first thought was to include the session ID in the AJAX request,
> and have some code that checks to see if it's a valid session.  It would
> either succeed or fail, and if it failed, it would complain via the AJAX
> reply - so the user would know that they have to go to their login
> screen to gain access.  Or the client-side javascript could just take
> them there - that's just details.
>
>     I can't actually use the Authentication and Session plugins for AJAX
> authentication - because they're plugins.  And I don't want to have
> runmodes and all the other CGIAPP baggage for my AJAX calls.
>
>     Ajax authentication checking would have to modify the data in one way
> - it would need to update the "last accessed" info so my sessions
> wouldn't time out even though people were doing only AJAX stuff.
>
>     I think the CGI::Session module should be able to handle reading &
> writing the database....
> Has anybody else invented this particular wheel?
>
>                  - Jerry Kaidor
>
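
The approach described in the reply above (check the session in the prerun hook and divert to a run mode that only reports the failure), as an added example that is not code from either poster. The package name, run mode names, and the constructed Generic-driver credentials are assumptions; it uses the Session plugin's default store rather than the SQL store mentioned in the question.

```perl
#!/usr/bin/perl
package MyAjaxApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use JSON::PP;

# Constructed credentials, for illustration only; a real application
# keeps its existing login configuration here.
__PACKAGE__->authen->config(
    DRIVER => [ 'Generic', { demo_user => 'demo_password' } ],
    STORE  => 'Session',
);

# Run modes reachable without a login (hypothetical names).
# Everything else is denied by default.
my %PUBLIC = map { $_ => 1 } qw(ping);

sub setup {
    my $self = shift;
    $self->start_mode('ping');
    $self->run_modes([qw(ping save_item auth_failed)]);
}

# Called before every run mode, whether the request is a page load or AJAX.
sub cgiapp_prerun {
    my ($self, $rm) = @_;
    return if $PUBLIC{$rm};
    return if $self->authen->is_authenticated;
    # Expired or missing session: run the failure mode instead of the requested one.
    $self->prerun_mode('auth_failed');
}

# Shared helper: set the HTTP status and return a JSON body.
sub json_reply {
    my ($self, $status, $data) = @_;
    $self->header_add(-status => $status, -type => 'application/json');
    return encode_json($data);
}

sub ping        { $_[0]->json_reply('200 OK', { ok => JSON::PP::true }) }
sub save_item   { $_[0]->json_reply('200 OK', { ok => JSON::PP::true, saved => JSON::PP::true }) }
sub auth_failed { $_[0]->json_reply('401 Unauthorized', { ok => JSON::PP::false, error => 'not_logged_in' }) }

package main;
MyAjaxApp->new->run;
```

The client-side script can treat the 401 status as the signal to send the user back to the login screen.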


