/ 
AxKit-XSP-BasicSession-0.22
River stage zero No dependents
/ AxKit::XSP::BasicAuth

NAME

AxKit::XSP::BasicAuth - Tag library for basic cookie-based authentication.

SYNOPSIS

Add the session: namespace to your XSP <xsp:page> tag:

<xsp:page
     language="Perl"
     xmlns:xsp="http://apache.org/xsp/core/v1"
     xmlns:auth="http://www.nichework.com/2003/XSP/BasicAuth"
     xmlns:session="http://www.axkit.org/2002/XSP/BasicSession">

And add this taglib to AxKit (via httpd.conf or .htaccess):

SetHandler AxKit
PerlModule Apache::AxKit::Plugin::BasicAuth

<Location />
  AuthType Apache::AxKit::Plugin::BasicAuth
  AuthName BasicSession
</Location>
<Location /style>
  require valid-user
</Location>

# Session Management
AxAddPlugin Apache::AxKit::Plugin::BasicSession
PerlSetVar BasicSessionDataStore DB_File
PerlSetVar BasicSessionArgs      "FileName => /tmp/session"

AxAddPlugin Apache::AxKit::Plugin::BasicSession
AxAddPlugin Apache::AxKit::Plugin::AddXSLParams::BasicSession

# Authentication
PerlSetVar BasicSessionLoginScript /login

DESCRIPTION

This taglib provides simple form-and-cookie based authentication using Apache::Session and Apache::AuthCookie.

In the tag reference below, AuthNameToken designates the name given for AuthName.

Tag Reference

<auth:login>

Attempt to log the user in.

Typically, the page you set in AuthNameTokenLoginScript is an XSP page that uses a form built with PerForm to check the user. After verifying the identity of the user (e.g. in start_submit), you will have use this tag tell BasicAuth that the user is authenticated and that the username/password information should be stored in the session.

In constructing your form, it is important to understand that BasicAuth is expecting your username to be in a form field called credential_0. That is the only required form field name, but if other fields are named in the credential_? format, the will be stored in the session information as well. This allows you to store the plaintext user password in credential_1 if you need access to it (among other things).

<auth:logout>

Log the user out. This is done by removing any keys that match the credential_\d+ regular expression from the session information.

<auth:get-username>

Returns the username that was used to log in.

<auth:is-logged-in>

Returns true if the page if the session contains a logged in user.

AUTHOR

Mark A. Hershberger, mah@everybody.org

COPYRIGHT

Copyright (c) 2003 Mark A. Hershberger. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

AxKit, Apache::Session, AxKit::XSP::Session, AxKit::XSP::BasicSession

Cocoon2 Session Taglib (http://xml.apache.org/cocoon2/userdocs/xsp/session.html)