# -/n y2 POST nrmu request from cleared session
# revoke y2
# treat as -/n n POST
+ #
# -/n n GET n cross-site link but user not logged in
# show login form with redirect to orig params
#
=head1 USAGE PATTERN FOR SIMPLE APPLICATIONS
- if ( form submission is login request ) {
- check login details, if wrong print error and quit
- $authreq->record_login(...username...);
- }
- if ( form submission is logout request ) {
- my $logged_out_user = $authreq->logout();
- if (!defined $logged_out_user) {
- print "you are not logged in" error and quit
- } else {
- print "goodbye $username you are now logged out" and quit
- }
- }
- if ( !$authreq->check() ) {
- display login form, quit
+ $authreq->check_ok() or return;
+ blah blah blah
+ $authreq->mutating();
+ blah blah blah
=head1 USAGE PATTERN FOR FANCY APPLICATIONS
- if ( form submission is login request ) {
- check login details, if wrong print error and quit
- $authreq->record_login(...username...);
- }
- if ( !$authreq->check() ) {
- display login form, quit
- if ( form submission is logout request ) {
- die unless $authreq->mutate();
- my $logged_out_user = $authreq->logout();
- if (!defined $logged_out_user) {
- print "you are not logged in" error and quit
- } else {
- print "goodbye $username you are now logged out" and quit
+ my $divert_kind = $authreq->check_divert();
+ if ($divert_kind) {
+ if ($divert_kind eq 'LOGGEDOUT') {
+ print "goodbye you are now logged out" and quit
+ } elsif ($divert_kind eq 'NOCOOKIES') {
+ print "you need cookies" and quit
+ ... etc.
}
}
-
-advantages of cookie
- - user can sort of log out by clearing cookies
- - sophisticated applications can have get-requests
~ian / cgi-auth-flexible.git / blobdiff