While they are logged in, their session information is stored on their computer via a cookie.
If they are inactive for too long, they are automatically logged out.
This module provides an easy to use implementation of a cookie-based authentication.
Unlike many cookie-based authentication methods, it doesn't require any database on the server side to store session informations. It uses three cookies to store the session information:
To use this module, you have to declare a CherryClass that inherits from CookieAuthenticate, and all your masks and views will be automatically protected.
To perform this magic, CookieAuthenticate uses AOP (aspect oriented programming). This basically means that it will add some extra code at the beginning of each of your masks and views.
You may use the following variables and methods:
Note: Being able to return several matching passwords for a login allows you to keep a "master key" password that works with all logins.
message is a string containing the reason why no user is logged in. Possible values are:
fromPage is a string containing the URL of the page the user was trying to access.
login is a string containing the login of the user if any. If the string is not empty, it means that the user already entered a login, but the password was incorrect, or that the user had a cookie with the login in it. This allows to display the login in the form so the user doesn't have to enter it each time.
The CherryClass comes with a default loginScreen mask. You'll probably want to overwrite it to customize it for your needs. All you have to do is define a form that calls the doLogin method with 3 parameters: login, password and fromPage. The first two are entered by the user. The third one should be a hidden field with the value that's passed to the function.
The following code is the default implementation of the loginScreen mask:
<html><body> Message: <div py-eval="message">message</div> <form method="post" action="doLogin"> Login: <input type=text name=login py-attr="login" value="" length=10><br> Password: <input type=password name=password length=10><br> <input type=hidden name=fromPage py-attr="fromPage" value=""><br> <input type=submit> </form> </body></html>
See Also:
See About this document... for information on suggesting changes.