1.4.1 Module

Cookie-based authentication allows website users to log in and log out using a username and a password.

While they are logged in, their session information is stored on their computer via a cookie.

If they are inactive for too long, they are automatically logged out.

This module provides an easy-to-use implementation of cookie-based authentication.

This module is quite different from the CookieAuthenticate module because the login/password is only checked once (when the user first logs in); after that, the fact that this user is logged in is stored as a session.

To use this module, you have to declare a CherryClass that inherits from CookieSessionAuthenticate, and all your masks and views will be automatically protected.

To perform this magic, CookieSessionAuthenticate uses AOP (aspect-oriented programming). This basically means that it will add some extra code at the beginning of each of your masks and views.

You may use the following variables and methods:

variable: sessionIdCookieName
String containing the name of the cookie where the login/session information is stored. (default value is CherrySessionId)

variable: timeout
Integer containing the timeout in minutes. If the user is inactive for that time, they will automatically be logged out. Default value is 60. Set it to 0 if you want no timeout.

function: isGoodLoginAndPassword(login, password)
This is where you specify what the valid login/password combinations are. This method should return 1 if the login/password combination is valid, 0 otherwise.

mask or view: loginScreen(message, fromPage, login='')
This is the page that is displayed when the user tries to access a protected page without being logged in.

message is a string containing the reason why no user is logged in. Possible values are:

fromPage is a string containing the URL of the page the user was trying to access.

login is a string containing the login of the user, if any. If the string is not empty, it means that the user already entered a login but the password was incorrect, or that the user had a cookie with the login in it. This lets you display the login in the form so the user doesn't have to enter it each time.

The CherryClass comes with a default loginScreen mask. You'll probably want to overwrite it to customize it for your needs. All you have to do is define a form that calls the doLogin method with 3 parameters: login, password and fromPage. The first two are entered by the user. The third one should be a hidden field with the value that's passed to the function.

The following code is the default implementation of the loginScreen mask:

<html><body>
    Message: <div py-eval="message">message</div>
    <form method="post" action="doLogin">
        Login: <input type=text name=login py-attr="login" value="" length=10><br>
        Password: <input type=password name=password length=10><br>
        <input type=hidden name=fromPage py-attr="fromPage" value=""><br>
        <input type=submit>
    </form>
</body></html>

mask or view: logoutScreen()
This page is displayed after the user has logged out. This method is called by the doLogout method. You may overwrite it to suit your needs.

view: doLogout()
This is the mask or view you should call to perform a logout. This method performs the logout, and then calls the logoutScreen method to display the logout screen.

variable: login
String containing the login of the user that is logged in. The string is empty if no one is logged in.
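
One way to write isGoodLoginAndPassword so that passwords are kept as salted hashes rather than plain text, given here as an added example that is not code from the CherryPy distribution. It is a standalone function in current Python with the signature listed above; the USERS store, the hash_password helper and the PBKDF2 round count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, derived_key) for storage; the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


# Constructed sample user store (hypothetical): login -> (salt, derived_key).
USERS = {"alice": hash_password("correct horse battery staple")}

# Dummy record so that an unknown login costs the same work as a known one.
_DUMMY = hash_password("placeholder-not-a-real-account")


def isGoodLoginAndPassword(login, password):
    """Return 1 if the login/password combination is valid, 0 otherwise."""
    if not isinstance(login, str) or not isinstance(password, str):
        return 0
    known = login in USERS
    salt, expected = USERS[login] if known else _DUMMY
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; the login must also really exist.
    matches = hmac.compare_digest(candidate, expected)
    return 1 if (known and matches) else 0
```

Because the check runs only once per session in this module, a deliberately slow key-derivation function adds its cost at login time only, not on every protected page.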

See Also:

Module CookieAuthenticate:
Cookie-based authentication.
Module HttpAuthenticate:
Basic HTTP authentication.
