|
UserSID - Managing of Session IDs for Users on CGI- and console-scripts |
UserSID - Managing of Session IDs for Users on CGI- and console-scripts
To use this modul you should have Digest::SHA1 installed.
use Digest::UserSID;
The modul uses Digest:SHA1 to create and manage user session-id's which are beeing created by sha1, sha1_hex or sha1_base64 .
Session-id's are valid as long a time-range is used or special environment-variables don't change, depending on the used functions. It's possible to use functions in object-oriented style as well as in function-oriented style.
Session-id's can be generated via CGI as well as from console. Using Digest::UserSID to generate secure CGI-session-id's adds the possibility to use environment-variables for identification.
The current version of Digest::UserSID is available at CPAN and at http://cgi.xwolf.com/ .
Digest::UserSID adph Managing session-id's with Digest::SHA1 XWOLF
Creates a new reference for the session id's (SID). It also reads in $UserSID::FILE if possible and saves existing session id's into the hash %UserSID::DATA. Takes a filename in replace for $UserSID::FILE as argument. Example:
use Digest::UserSID;
my $sid = new Digest::UserSID;
my $res = $sid->create($user,$string);
print "key: $sid->{'sha'}\n";
print "time: $sid->{'time'}\n";
dbmopen(%hash,$UserSID::FILE,0644);
%test = %hash;
dbmclose(%hash);
print "Reading UserSID-Data:\n";
my $key;
foreach $key (keys %test) {
print "\t$key: $test{$key}\n";
}
Gets a SID-reference and a string (e.g. a username) as argument and returns a SHA1-string. Additionally the SHA1-string will be saved in the file given in $UserSID::FILE together with the inputstring and the localtime.
Removes all data of a SID from the $UserSID::FILE, making the SID invalid.
$sid->read($loginname), where $loginname is the string for the username and $SID the reference, will return TRUE if this SID was created with $sid-create($loginname) before and the delay between creation and reading is not longer as $UserSID::MAXSECONDS seconds. Also the fields $sid->{'sha'}, $sid->{'time'} and $sid->{'user'} will be filled, where $sid->{'user'} equals $loginname.
This function will update the field $sid->{'time'} to the current localtime.
Returns a session-string that can be used as a session-variable for CGI-scripts. Needs a string, e.g. a username as argument. Example:
my $pass = makewebsid($user);
print "User $user got SID $pass.....";
Checks if the session-string is still valid and if the used environment is still the same as at calling makewebsid(). Example:
if (checkwebsid($user,$pass)) {
print "SID ok\n";
} else {
print "SID invalid.\n";
}
Please note, that checkwebsid() will automatically remove the
saved data of a requested $user, if it's not valid in time anymore.
Returns the username (the string used at makewebsid()) by using
the session-string as argument.
Removes all data for the session-id.
Copyright 1999-2001, Wolfgang Wiese. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Address bug reports and comments to: xwolf@xwolf.com. When sending bug reports, please provide the version of UserSID.pm, the version of Perl and the name and version of the operating system you are using.
Thanks very much to:
the Digest::SHA1 manpage
|
UserSID - Managing of Session IDs for Users on CGI- and console-scripts |