[cgiapp] Authentication for AJAX?
jerry
jerry at tr2.com
Wed May 18 10:34:43 EDT 2016
On 05/18/2016 06:17, Brad Van Sickle wrote:
> I might be misunderstanding your problem... but why can't you use the
> CGI::App framework for this? An AJAX request is still a request after
> all.
*** An interesting thought. Instead of having lots of separate AJAX server-side
files, I would have AJAX rm's in the main file. That could be beneficial in the
sense of putting everything together in one file.

I wouldn't even necessarily have to change the login functionality on the
server side; just put that complexity into the javascript and say "If this AJAX
request responds with an unexpected login screen, then replace the document
body with that login screen".

- Jerry

> The way I've handled this in the past is to authenticate the
> session in the prerun hook and if it fails, divert them to a different
> runmode other than the one in the request that simply returns the
> authorization failure message.
>
>
> On 5/17/2016 6:11 PM, jerry wrote:
>> Hello All,
>>
>> I have been using CGI::Application to run my homebrew LAMP tools for
>> several years. Now, I am starting to move away from a pure CGI
>> environment to a bit of AJAX. But I don't want to abandon CGIAPP - I
>> have a large investment in server-side code that uses it.
>>
>> Getting into "a bit of ajax", I have a need to verify login status
>> for AJAX requests. The current login for the CGI stuff is my file
>> called "login.pm", that says "use base CGI::Application". It also uses
>> the Session and Authentication plugins. I am using an SQL store for
>> the session data.
>>
>> It's possible ( and bad! ) for an AJAX request to come in from a
>> station that no longer has a current session - because it has timed
>> out. I need to verify that the station sending the request is currently
>> logged in, and that the user has sufficient permission to perform the
>> action.
>>
>> My first thought was to include the session ID in the AJAX request,
>> and have some code that checks to see if it's a valid session. It would
>> either succeed or fail, and if it failed, it would complain via the AJAX
>> reply - so the user would know that they have to go to their login
>> screen to gain access. Or the client-side javascript could just take
>> them there - that's just details.
>>
>> I can't actually use the Authentication and Session plugins for AJAX
>> authentication - because they're plugins. And I don't want to have
>> runmodes and all the other CGIAPP baggage for my AJAX calls.
>>
>> Ajax authentication checking would have to modify the data in one way
>> - it would need to update the "last accessed" info so my sessions
>> wouldn't time out even though people were doing only AJAX stuff.
>>
>> I think the CGI::Session module should be able to handle reading &
>> writing the database....
>> Has anybody else invented this particular wheel?
>>
>> - Jerry Kaidor
>>
>> ##### CGI::Application community mailing list ################
>> ## ##
>> ## To unsubscribe, or change your message delivery options, ##
>> ## visit: http://lists.openlib.org/mailman/listinfo/cgiapp ##
>> ## ##
>> ## Web archive: http://lists.openlib.org/pipermail/cgiapp/ ##
>> ## Wiki: http://cgiapp.erlbaum.net/ ##
>> ## ##
>> ################################################################
>>
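
The client-side check discussed in this thread, as an added example that is not code from either poster: it classifies an AJAX reply so that a timed-out session (an explicit 401 from a diverted runmode, or an HTML login screen where JSON was expected) is handled separately from a permission failure. The function names, the reply shape, the use of 401/403 and the `/login.cgi` URL are assumptions.

```javascript
// Added example: names, status codes and the /login.cgi URL are assumptions.

// Decide what an AJAX reply means for the session. Pure function, so the
// logic can be tested without a browser or a server.
function classifyAjaxReply({ status, contentType = "", body = "" }) {
  const type = contentType.split(";")[0].trim().toLowerCase();
  if (status === 401) return { kind: "login-required" };   // no valid session
  if (status === 403) return { kind: "forbidden" };        // logged in, not permitted
  if (status < 200 || status >= 300) return { kind: "error", status };
  // A successful reply that is HTML where JSON was expected is the
  // "unexpected login screen" case: the server rendered its login page.
  if (type === "text/html") return { kind: "login-required" };
  if (type !== "application/json") {
    return { kind: "error", status, reason: "unexpected content type" };
  }
  try {
    return { kind: "ok", data: JSON.parse(body) };
  } catch (e) {
    return { kind: "error", status, reason: "invalid JSON" };
  }
}

// Wrapper around fetch: sends the session cookie, classifies the reply and
// sends the user to the login page when the session is gone.
async function ajaxJson(url, options = {}, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    credentials: "same-origin",               // session cookie travels with the call
    headers: { Accept: "application/json" },
    ...options,
  });
  const reply = classifyAjaxReply({
    status: res.status,
    contentType: res.headers.get("content-type") || "",
    body: await res.text(),
  });
  if (reply.kind === "login-required" && typeof window !== "undefined") {
    window.location.assign("/login.cgi");     // hypothetical login URL
  }
  return reply;
}
```

The server remains the place where the session and permission checks are enforced; this code only decides what to show the user once the server has refused.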