SPUG: Perl CGI session authentication
breno at rio.pm.org
Fri Dec 12 04:06:52 PST 2008
On Fri, Dec 12, 2008 at 7:05 AM, Christopher Howard <choward at indicium.us> wrote:
> Hi. I'm about to code the admin interface for this little music database web
> app I'm working on. I need to decide how I want to handle the authentication
> for the admin who logs in. In the past I've used .htaccess files for httpd
> authentication, but I was thinking I would like to do authentication with
> CGI this time. That is, sending the password over CGI, then having a session
> ID generated, storing a session ID in a cookie, and that sort of thing.
> Is there any cool modules or packages which make that sort of thing fairly
> easy? Most of it doesn't sound too hard... however, keeping track of the
> sessions and session IDs sounds kind of complicated.
> I didn't want anything real complicated... But I've seen Perl blog software
> like Moveable Type, which stores the password in a config file, and doesn't
> utilize .htaccess-style authentication. (I'm trying to look through the
> Moveable Type code to see how they do it, but their code is pretty
> complicated and I haven't even figured out where to look yet.)
> I've done a fair amount of googling, but I'm having trouble narrowing down
> the search to what I'm looking for.
When looking for nice Perl modules, you should try CPAN instead of google ;-)
I believe CGI::Session might be what you want, or the higher-level
CGI::Session::Auth. You should also check CGI::Auth out. (just so you
know, I haven't actually tested any of those).
More information about the spug-list