Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • You don't show a session becoming "un logged in" when a password doesn't match (nor do you show anything about session lifetime). And I would expect to stay on whatever the login page was rather than get redirected on a failed login attempt.
    • Stupid error #372 is posting the corrected code without the bug removed. I meant to post this:

      $self->param("message", "Please enter a valid username and password combination.")
                                      unless $self->session->param("is_logged_in", 1);

      when I originally posted this:

      $self->param("message", "Please enter a valid username and password combination.")
                                      unless $self->session->param("is_logged_in");


      Oops. Perhaps I've worked too long tonight. . .

      To address your other guesses, when a visitor hits the site, we check for an existing session, and if they don't have one, we start a new session (regardless of whether or not they are logged in, because users of this site may or may not have an account) and hand them a cookie with their session ID. When the browser closes, the cookie expires, and when they come back, they get a new session and cookie. I'm not sure if that's good or bad, but so far, it's worked out ok.

      I can see where explicitly marking someone as being not logged in would be a good thing, and I thank you for pointing that out to me. I'm tired and starting to miss stuff.

      As for redirection. . . my login and logout functionality is in one module, and maintenance functions are spread out in a few different modules. These modules check to see whether someone is logged in, and if not redirects them to the login page, and stashes the URL to get back the module in the session. If the login fails, they get redirected back to the maintenance module and back to login. . . I really need to make that less hackish. . .

      Thanks again! :)