LibWeb:: - Sessions management for libweb applications


NAME

LibWeb:: - Sessions management for libweb applications


SUPPORTED PLATFORMS

BSD, Linux, Solaris and Windows.


REQUIRE


ISA


SYNOPSIS

  use LibWeb::Session;
  my $s = new LibWeb::Session();
  my ($user_name, $user_id) = $s->get_user();
  #or
  my ($user_name, $user_id)
      = $s->get_user( -is_update_db => 1 );


ABSTRACT

This class manages session authentication after the remote user has logged in.

The current version of LibWeb::Session is available at

   http://libweb.sourceforge.net

Several LibWeb applications (LEAPs) have be written, released and are available at

   http://leaps.sourceforge.net


TYPOGRAPHICAL CONVENTIONS AND TERMINOLOGY

Variables in all-caps (e.g. MAX_LOGIN_ATTEMPT_ALLOWED) are those variables set through LibWeb's rc file. Please read the LibWeb::Core manpage for more information. All `error/help messages' mentioned can be found at the LibWeb::HTML::Error manpage and they can be customized by ISA (making a sub-class of) LibWeb::HTML::Default. Please see the LibWeb::HTML::Default manpage for details. Method's parameters in square brackets means optional.


DESCRIPTION

METHODS

get_user()

Check to see if the viewing Web browser has logged in by checking expiration time, IP and MAC in the authentication cookie, and return the user name and the user ID if it passes all the authentication checks.

Params:

  [ -no_auth=>, -mac_mismatch=>, -ip_mismatch=>,
    -expired=>, -is_update_db=> ]

Pre:

Post:

Note:

USER_LOG_TABLE.NUM_LOGIN_ATTEMPT != 0 && != LOGIN_INDICATOR means there were several attempts to login but unsuccessful solely because incorrect password were entered by the remote user. You need to re-flush database's USER_LOG_TABLE.NUM_LOGIN_ATTEMPT to 0 manually after receiving the alert e-mail if this value == MAX_LOGIN_ATTEMPT_ALLOWED; otherwise, the user will never be able to sign into your site even he/she enters the correct password afterwards.

DEPRECATED METHODS

is_login()

Note:

This method is deprecated as of LibWeb-0.02. You are encouraged to use get_user() instead. is_login() is mainly for backward compatible with client codes written using LibWeb-0.01.

Params:

  [ is_just_logged_in ]

Pre:

Post:

Note: USER_LOG_TABLE.NUM_LOGIN_ATTEMPT != 0 && != LOGIN_INDICATOR means there were several attempts to login but unsuccessful solely because incorrect password were entered by the remote user. You need to re-flush NUM_LOGIN_ATTEMPT to 0 manually after 24 hours (no rigorous reason why it should be 24 hours) of receiving the alert e-mail if this value == MAX_LOGIN_ATTEMPT_ALLOWED.


AUTHORS

Colin Kong (colin.kong@toronto.edu)


CREDITS


BUGS


SEE ALSO

the LibWeb::Admin manpage, the LibWeb::Core manpage, the LibWeb::Crypt manpage the LibWeb::Digest manpage.

 LibWeb:: - Sessions management for libweb applications