Wed Aug 20 11:47:00 2003

Apache::AxKit::Plugin::Session HowTo

Example: recommended configuration

This configuration leaves everything at its defaults. It uses cookies if the browser supports them; otherwise it uses URL sessions. This is the most user-friendly setup. The whole site uses session tracking, and the subdirectory /protected/ is only accessible after login. Files in /protected/unprotected_data/ are not protected.

If using v0.93, you'll need to patch Session.pm and Auth.pm; see http://rt.cpan.org/NoAuth/Bugs.html?Dist=Apache-AxKit-Plugin-Session->

Preparing directories & permissions

(Execute these commands, filling in the appropriate values for "DocumentRoot", "User" and "Group" from your Apache config.)

cd DocumentRoot
mkdir ../sessions
mkdir ../sessions/locks
chown User:Group ../sessions
chown User:Group ../sessions/locks
mkdir protected
echo "It works!" > protected/index.html
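A check for the session store created above, as an added example that is not part of the original HowTo or of the AxKit distribution. It verifies that the store sits outside DocumentRoot (as ../sessions does) and is owned by the Apache User. The group/other permission check goes beyond the page, which only sets ownership, and the function name and the sample values in the last comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the session store.
# check_session_store DOCROOT SESSION_DIR APACHE_USER
#   SESSION_DIR may be absolute or relative to DOCROOT (the page uses ../sessions).
# Prints one line per finding; returns 0 only when there are none.
check_session_store() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing DocumentRoot: $1"; return 2; }
    store=$(cd "$docroot" && cd "$2" 2>/dev/null && pwd -P) || { echo "missing session dir: $2"; return 2; }
    user=$3
    rc=0

    # A store under DocumentRoot can be fetched by URL; pwd -P has already
    # resolved symlinks, so a link pointing back into the tree is caught too.
    case "$store/" in
        "$docroot"/*) echo "inside DocumentRoot: $store"; rc=1 ;;
    esac

    for dir in "$store" "$store/locks"; do
        [ -d "$dir" ] || { echo "missing: $dir"; rc=1; continue; }
        # ls -ld: field 1 is the mode string, field 3 the owner name
        mode=$(ls -ld "$dir" | awk '{print $1}')
        owner=$(ls -ld "$dir" | awk '{print $3}')
        [ "$owner" = "$user" ] || { echo "owner is $owner, expected $user: $dir"; rc=1; }
        # Characters 5-10 of the mode string are the group and other bits.
        case $(printf '%s' "$mode" | cut -c5-10) in
            ------) ;;
            *) echo "group/other access ($mode): $dir"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Example run; /var/www/html and www-data are placeholder values.
# check_session_store /var/www/html ../sessions www-data
```

A finding of "group/other access" is cleared with chmod 700 on the directory named in the message.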

httpd.conf

Add these lines to your existing httpd.conf:

PerlInitHandler Apache::RequestNotes
PerlModule Apache::AxKit::Plugin::Session
PerlSetVar AxKitSessionDir ../sessions
ErrorDocument 403 /redirect?url=/login.xsp
AxAddXSPTaglib AxKit::XSP::Session
AxAddXSPTaglib AxKit::XSP::Auth
AxAddXSPTaglib AxKit::XSP::Global

# the next one is optional, it's just for this example
AxAddXSPTaglib AxKit::XSP::Param
<Location />
  # put this into .htaccess files if you want to
  AuthType Apache::AxKit::Plugin::Session
  AuthName AxKitSession
  PerlAuthenHandler Apache::AxKit::Plugin::Session->authenticate
  PerlAuthzHandler Apache::AxKit::Plugin::Session->authorize
  require valid-user
</Location>

<Location /protected>
  require group users
</Location>
<Location /protected/unprotected_data>
  AuthName None
</Location>

DocumentRoot/login.xsp

Create this file:

<?xml version="1.0" encoding="ISO-8859-1"?>
<xsp:page language="Perl"
 xmlns:xsp="http://www.apache.org/1999/XSP/Core"
 xmlns:auth="http://www.creITve.de/2002/XSP/Auth"
 xmlns:param="http://axkit.org/NS/xsp/param/v1"
 xmlns="http://www.w3.org/1999/xhtml"
>
<html>
<body>
  <xsp:logic>
    if (<auth:is-logged-in/>) {
      <h1>Welcome!</h1>
      <p>You are logged on as: <auth:get-access type="user"/></p>
    } elsif (<param:pass/>) {
      <h1>Login</h1>
      if (<auth:password-matches>
            <auth:clear><param:pass/></auth:clear>
            <auth:encrypted>aaqPiZY5xR5l.</auth:encrypted>
          </auth:password-matches>) {
        <auth:login>
          <auth:access type="user"><param:user/></auth:access>
          <auth:access type="level">42</auth:access>
          <auth:access type="group">users</auth:access>
          <auth:access type="group">testers</auth:access>
          <auth:access type="group">foo</auth:access>
        </auth:login>
      }
      <p>Unknown user or wrong password</p>
    }
    <p>Please enter username and password.</p>
    <form>
      User: <input type="text" name="user"/><br/>
      Password: <input type="password" name="pass"/><br/>
      <input type="submit" value="Login"/><br/>
    </form>
  </xsp:logic>
</body>
</html>
</xsp:page>

Testing it

Access http://your.host/protected/; the login form should appear. Use any user name and "test" (without quotes) as the password, then click the "Login" button. The text "It works!" should appear - voila!

