two cookies complicated api
clearing cookies always logs out
+
+
+----------------------------------------
+
+app supplies
+
+ - func to tell whether it's a login form,
+ defaults to password form field
+ - func to check login details
+ - func to tell whether it's a logout form,
+ defaults to logout action form field list
+ - func to tell whether it's programmatic
+ defaults to always false, somewhat poor EH
+
+we supply
+
+ - thing to call right at the beginning,
+ tells app to divert to one of
+ just logged out page
+ cookies disabled page
+ stale form login form
+ login form
+ "session interrupted"
+ a redirect
+
+ - version of the above which deals with the request
+
+ - thing which app must call when mutating
+ (alternatively app must check that method is POST for mutates)
+ (alternatively.2 every GETs is decreed to produce a login form)
=head1 USAGE PATTERN FOR SIMPLE APPLICATIONS
- if ( form submission is login request ) {
- check login details, if wrong print error and quit
- $authreq->record_login(...username...);
- }
- if ( form submission is logout request ) {
- my $logged_out_user = $authreq->logout();
- if (!defined $logged_out_user) {
- print "you are not logged in" error and quit
- } else {
- print "goodbye $username you are now logged out" and quit
- }
- }
- if ( !$authreq->check() ) {
- display login form, quit
+ $authreq->check_ok() or return;
+ blah blah blah
+ $authreq->mutating();
+ blah blah blah
=head1 USAGE PATTERN FOR FANCY APPLICATIONS
- if ( form submission is login request ) {
- check login details, if wrong print error and quit
- $authreq->record_login(...username...);
- }
- if ( !$authreq->check() ) {
- display login form, quit
- if ( form submission is logout request ) {
- die unless $authreq->mutate();
- my $logged_out_user = $authreq->logout();
- if (!defined $logged_out_user) {
- print "you are not logged in" error and quit
- } else {
- print "goodbye $username you are now logged out" and quit
+ my $divert_kind = $authreq->check_divert();
+ if ($divert_kind) {
+ if ($divert_kind eq 'LOGGEDOUT') {
+ print "goodbye you are now logged out" and quit
+ } elsif ($divert_kind eq 'NOCOOKIES') {
+ print "you need cookies" and quit
+ ... etc.
}
}
-
-advantages of cookie
- - user can sort of log out by clearing cookies
- - sophisticated applications can have get-requests
--- /dev/null
+ if ( form submission is login request ) {
+ check login details, if wrong print error and quit
+ $authreq->record_login(...username...);
+ }
+ if ( !$authreq->check() ) {
+ display login form, quit
+
+
+ if ( form submission is login request ) {
+ check login details, if wrong print error and quit
+ $authreq->record_login(...username...);
+ }
+ if ( form submission is logout request ) {
+ die unless $authreq->mutate();
+ my $logged_out_user = $authreq->logout();
+ if (!defined $logged_out_user) {
+ print "you are not logged in" error and quit
+ } else {
+ print "goodbye $username you are now logged out" and quit
+ }
+ }
+ if ( !$authreq->check() ) {
+ display login form, quit
+
+
+advantages of cookie
+ - user can sort of log out by clearing cookies
+ - sophisticated applications can have get-requests
+
+