UserLogin - User/Session Management
This package handles session management in the typical Web way: the user logs in, a session key is generated and dropped as a cookie on the hard drive. Subsequent requests use that session key to validate the user. Logging out destroys this session key.
UserLogin gives you a hash of session data (name/value pairs) that stays the same throughout the user's session (time between logging in/logging out). Each user has his own similar data which you can retrieve using the package, as well. All this information is stored in the database and cached by UserLogin for faster access.
The system is configured via the database, and system-wide parameters can be easily read and changed from Perl (this allows you to use the system-wide stuff for your own system-wide variables).
UserLogin works with Mason, straight Perl, and (theoretically) CGI.
This package is licensed under the same terms as Mason itself. (The Artistic license.)
SourceForge Stuff
Kindly hosted by SourceForge.
SourceForge is kind of confusing, so here's a list of the places you probably want to go.
- Download: The latest releases are here. We simultaneously release them at Mason HQ.
- Mailing List: You can subscribe or look at archives here. This is your Best Hope for help. We don't bite, try us :)
- Bugs: Click "Submit New" to submit a bug.
- Feature Requests: Click "Submit New" to submit a feature request.
- CVS: For brave souls. We actually try to keep the releases pretty up to date, so you shouldn't have to use this unless you have a problem or you want to help us test.
Changes
Version | Date | Description |
0.6.2 | Sep 6 2001 | Mason permissions checking bugfix |
0.6.1 | Sep 4 2001 | Zero admin fix; Cache size bugfix |
0.6 | Sep 3 2001 | "Zero Administration" Version: Remove need for $sys and $session to be global; Make Perl script to perform all DB setup tasks; Add grant capability to SQL; Add host and port parameters for Postgres; Allow table name prefixes to be user-configurable; Arguments to new UserLogin::Postgres are now a hash for easier overriding |
0.5.2.1 | Aug 20 2001 | |
0.5.2 | Aug 14 2001 | Fixed bug with timing on storing hashes in DB; Get rid of warnings on perl Makefile.PL; Added backward support for Postgres 7.0.2 |
0.5.1 | Aug 10 2001 | Backward support for Perl 5 |
0.5 | Aug 9 2001 | First public release, full functionality |
Features
- Ease of use (no customization necessary except in autohandler, It Just Works (TM))
- Handles session and user information in hashes that are tied to the database
- Handles logging in/out and registering
- Simple, customizable permission checking (who can view this page)
- Allows full customization of all HTML that shows up
- Caches information for faster access
- Configurable (configuration in database)
- Works with Postgres (easily extensible to other databases)
- Does *not* use Apache::Session, but session interface is the same
- Store Perl hashes and arrays in user and session variables (yay!)
- Works with Mason (yay)
Basic session management info:
- If you're not logged in, an anonymous session will be automatically created
- Login and register can happen anywhere, even in the middle of a transaction, and control will be passed to the page that was called after the session is created. (Useful in sites where you want people not to have to log in until the last minute, so as not to discourage them from buying things, for example.)
- Logging in copies all session variables from the anonymous session to the user's session.
- Logging out (or logging in to a different user) does *not* copy session variables over so that you can't get somebody's information, even inadvertently.
- When session times out, a login page is displayed and once the user logs in, the page will continue as normal.
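The login and logout rules above, modelled in memory as an added example. This is not UserLogin's code and does not use its API: the function names, the two hashes, and reading keys from /dev/urandom are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration of the session rules listed above; not UserLogin's code.
# All names here are hypothetical, and storage is a plain in-memory hash.
use strict;
use warnings;

my %sessions;    # session key => hash of session variables

# Assumption: a session key is 128 random bits from the OS, hex-encoded.
sub new_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# A request without a valid session key gets a fresh anonymous session.
sub session_for {
    my ($key) = @_;
    return $key if defined $key && exists $sessions{$key};
    $key = new_key();
    $sessions{$key} = { _user_id => undef };
    return $key;
}

# Logging in generates a new key. Variables are carried over only when the
# previous session was anonymous; switching from another user copies nothing.
sub login {
    my ($key, $user_id) = @_;
    my $old  = delete($sessions{$key}) || {};    # the old key stops working
    my %vars = defined $old->{_user_id} ? () : %$old;
    my $new_key = new_key();
    $sessions{$new_key} = { %vars, _user_id => $user_id };
    return $new_key;
}

# Logging out destroys the key; the visitor restarts with an empty session.
sub logout {
    my ($key) = @_;
    delete $sessions{$key};
    return session_for(undef);
}

# Constructed walk-through: anonymous cart, login, user switch, logout.
my $anon = session_for(undef);
$sessions{$anon}{cart} = ['book'];
my $alice = login($anon, 'alice');
print "alice inherits cart: @{ $sessions{$alice}{cart} }\n";
my $bob = login($alice, 'bob');
print "bob inherits cart: ", (exists $sessions{$bob}{cart} ? 'yes' : 'no'), "\n";
my $after = logout($bob);
print "cart after logout: ", (exists $sessions{$after}{cart} ? 'yes' : 'no'), "\n";
print "old anonymous key valid: ", (exists $sessions{$anon} ? 'yes' : 'no'), "\n";
```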
Installation
The system is separated into two parts: the base Perl library (which Mason calls to do most of the user and session data handling) and the Mason library and SQL.
Perl library
tar xzvf UserLogin-0.6.tar.gz
cd UserLogin-0.6
perl Makefile.PL
make
make install
SQL
cd sql
setup-postgres.pl <your db name>
Sample App
- Put all files from mason into a directory that will run Mason.
- Modify all instances of /~john/userlogin in autohandler to the path of your directory from the browser.
- Try it out and have fun!
Usage
Integrating into your app or starting a new app
- Copy mason/session and mason/util to a Mason directory of your choice (it doesn't matter where).
- Copy mason/login, logout, and register to your application directory.
- Copy the top of the mason/autohandler into your autohandler, down to the STUFF TO OVERRIDE IN CHILDREN comment. Customize init, header and footer as desired.
- Change the path and db attributes in autohandler to the path of your app (from the webserver, usually just "/") and database (same database as the SQL step)
- Write pages to your heart's content, using $session and $sys->{users}{$session->{_user_id}} as the session hash and user hash, respectively.
That is enough to get it up and running and pretty darn functional.
TODO
- Make the cache a little *ahem* smarter and smaller. Right now it will get large (and slow) on systems with many users and sessions. This is my design goof. The interface won't change when I change it, though. Cache is completely transparent.
- Add attribute to specify pages that will automatically log you out to anonymous if you are timed out on them (alternative: allow "shadow sessions" that carry your anonymous as well as user data until you log back in)
- Not all database configuration parameters are used yet, and cache timeout parameters need to be there.
- Make the system support passing session_id around as a parameter instead of cookie (probably use filters for this)
- Documentation (yay)
By John Keiser of WrightHaven.