I didn't find a Catalyst plugin that would transparently deal with
persistent logins. Is there one? If not, what's the recommended way to
enable persistent logins in a Catalyst-driven website?

Thanks.

--
-----------------------------------------------------
Evaldas Imbrasas
http://www.imbrasas.com


  • Aristotle Pagaltzis at May 15, 2007 at 11:32 pm

    * Evaldas Imbrasas [2007-05-16 00:25]:
    > I didn't find a Catalyst plugin that would transparently deal
    > with persistent logins. Is there one? If not, what's the
    > recommended way to enable persistent logins in a
    > Catalyst-driven website?

    What's a persistent login?

    Regards,
    --
    Aristotle Pagaltzis // <http://plasmasturm.org/>
  • Evaldas Imbrasas at May 15, 2007 at 11:45 pm
    Persistent login is the one that lasts longer than a session. When a
    user logs in, she gets an option to be remembered for a given period
    of time. If this user comes back within that period of time, she is
    auto-logged in. A good example for this is mail.yahoo.com.

    On 5/15/07, A. Pagaltzis wrote:
    > * Evaldas Imbrasas [2007-05-16 00:25]:
    > > I didn't find a Catalyst plugin that would transparently deal
    > > with persistent logins. Is there one? If not, what's the
    > > recommended way to enable persistent logins in a
    > > Catalyst-driven website?
    >
    > What's a persistent login?
    >
    > Regards,
    > --
    > Aristotle Pagaltzis // <http://plasmasturm.org/>

    --
    -----------------------------------------------------
    Evaldas Imbrasas
    http://www.imbrasas.com
  • Wade Stuart at May 15, 2007 at 11:55 pm

    "Evaldas Imbrasas" <evaldas@imbrasas.com> wrote on 05/15/2007 05:45:11 PM:

    > Persistent login is the one that lasts longer than a session. When a
    > user logs in, she gets an option to be remembered for a given period
    > of time. If this user comes back within that period of time, she is
    > auto-logged in. A good example for this is mail.yahoo.com.

    I do not know what you mean "lasts longer than a session" -- http is
    stateless, if you want state (such as logged in and authorized) you need
    some sort of session (cookie, uri, hiddenform,...).

    http://search.cpan.org/~mramberg/Catalyst-Plugin-Session-0.14/lib/Catalyst/Plugin/Session.pm
  • Mla at May 16, 2007 at 12:07 am

    Wade.Stuart@fallon.com wrote:
    > "Evaldas Imbrasas" <evaldas@imbrasas.com> wrote on 05/15/2007 05:45:11 PM:
    > > Persistent login is the one that lasts longer than a session. When a
    > > user logs in, she gets an option to be remembered for a given period
    > > of time. If this user comes back within that period of time, she is
    > > auto-logged in. A good example for this is mail.yahoo.com.
    >
    > I do not know what you mean "lasts longer than a session" -- http is
    > stateless, if you want state (such as logged in and authorized) you need
    > some sort of session (cookie, uri, hiddenform,...).
    >
    > http://search.cpan.org/~mramberg/Catalyst-Plugin-Session-0.14/lib/Catalyst/Plugin/Session.pm

    I think the OP means an auto login facility where you have a persistent
    cookie. On session initialization, if the persistent cookie is present,
    you automatically authenticate the user. Usually the cookie value is
    a hard to guess string (SHA1 or MD5 hash) so it becomes a password
    equivalent. That value is looked up in the db (or wherever) to map it
    back to the original user id it was assigned to.

    Maurice
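
The persistent-cookie auto-login described in the post above, as an added example that is not part of the original thread or of any Catalyst plugin. It goes slightly beyond the post: the cookie value is random bytes rather than a SHA1/MD5 digest, only its SHA-256 hash is stored server-side, and each token is single-use. `%remember_db` and the function names are hypothetical, the sample values are constructed, and a Unix-like `/dev/urandom` is assumed.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed in-memory stand-in for a database table (hypothetical):
# sha256_hex(token) => { user_id => ..., expires => epoch seconds }
my %remember_db;

# 32 bytes from the OS CSPRNG, hex-encoded (assumes /dev/urandom exists).
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $buf, 32);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 32;
    return unpack 'H*', $buf;
}

# Issue a token at login when "remember me" is ticked. Only the hash is
# stored, so a leaked table does not yield usable cookie values.
sub issue_token {
    my ($user_id, $ttl, $now) = @_;
    my $token = random_token();
    $remember_db{ sha256_hex($token) } =
        { user_id => $user_id, expires => $now + $ttl };
    return $token;    # this value goes into the persistent cookie
}

# Redeem a cookie value on a request that arrives without a live session.
# Single-use: the row is deleted and a replacement token is issued.
sub redeem_token {
    my ($cookie, $ttl, $now) = @_;
    return unless defined $cookie && $cookie =~ /\A[0-9a-f]{64}\z/;
    my $row = delete $remember_db{ sha256_hex($cookie) } or return;
    return if $row->{expires} <= $now;    # expired rows stay deleted
    return {
        user_id   => $row->{user_id},
        new_token => issue_token($row->{user_id}, $ttl, $now),
        fresh     => 0,    # not a password login; re-prompt before sensitive pages
    };
}

# Demo with constructed values.
my $week   = 7 * 24 * 3600;
my $t0     = 1_179_270_000;
my $cookie = issue_token(42, $week, $t0);
my $login  = redeem_token($cookie, $week, $t0 + 3 * 24 * 3600);
print "auto-login user $login->{user_id}, fresh=$login->{fresh}\n";
print "replay rejected\n"  unless redeem_token($cookie, $week, $t0 + 3 * 24 * 3600 + 1);
print "expired rejected\n" unless redeem_token($login->{new_token}, $week, $t0 + 30 * 24 * 3600);
```

Because the lookup key is the hash of the presented value, there is no byte-by-byte comparison of secrets to leak timing, and a stolen cookie stops working as soon as the legitimate browser redeems it first.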
  • Evaldas Imbrasas at May 16, 2007 at 12:18 am

    > I do not know what you mean "lasts longer than a session" -- http is
    > stateless, if you want state (such as logged in and authorized) you need
    > some sort of session (cookie, uri, hiddenform,...).

    I am already using standard Catalyst plugins that handle sessions and
    authentication. I set sessions to expire after 1 hour of inactivity.
    What I'm looking for is the ability to auto-login users when they come
    back after, say, 1 week, when their previous session is long expired.

    Usually, this is achieved by setting a persistent cookie (lasting for
    N days) when the user logs in, and storing either user ID, username, a
    random token, or a combination of all of those in an encrypted form in
    that cookie. Of course, users would have to explicitly log in to
    access the sensitive parts of the website.

    --
    -----------------------------------------------------
    Evaldas Imbrasas
    http://www.imbrasas.com
  • Jonathan Rockway at May 16, 2007 at 12:58 am

    On Tuesday 15 May 2007 06:19:02 pm Evaldas Imbrasas wrote:
    > > I do not know what you mean "lasts longer than a session" -- http is
    > > stateless, if you want state (such as logged in and authorized) you need
    > > some sort of session (cookie, uri, hiddenform,...).
    >
    > I am already using standard Catalyst plugins that handle sessions and
    > authentication. I set sessions to expire after 1 hour of inactivity.
    > What I'm looking for is the ability to auto-login users when they come
    > back after, say, 1 week, when their previous session is long expired.

    Use the session plugin and set the session expiration to ... 1 week. If some
    data needs to expire sooner than that ... expire it sooner than that.

    Here's what I would do. Create a session and log the user in. Store a "last
    login" time in the user_class. If the last_login (or last_activity;
    whatever) is too long ago, delete data from the session and start over.

    Another thing you could do is to set a cookie with the user's login name, and
    use that to pre-fill the username box on the login page, etc.

    Am I missing something here?

    --
    package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do {
    $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //,
    ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;
  • Evaldas Imbrasas at May 16, 2007 at 2:47 am

    On 5/15/07, Jonathan Rockway wrote:
    > Use the session plugin and set the session expiration to ... 1 week. If some
    > data needs to expire sooner than that ... expire it sooner than that.
    >
    > Here's what I would do. Create a session and log the user in. Store a "last
    > login" time in the user_class. If the last_login (or last_activity;
    > whatever) is too long ago, delete data from the session and start over.

    Yep, makes sense. However, even in that case, I was hoping that the
    standard session/auth plugins would support this functionality without
    doing anything additional in my Controller::Auth, i.e.:

        if ($c->req->params->{login_remember}) {
            $c->login($email, $password, $expires_long);
        } else {
            $c->login($email, $password, $expires_short);
        }

    Am I wrong in thinking that pretty much any decent login system has to
    support this anyway?.. (This is my first Catalyst project, so I
    wouldn't be surprised if there's a one-liner out there that would
    solve this problem without a need for the above - sorry if that's the
    case.)

    --
    -----------------------------------------------------
    Evaldas Imbrasas
    http://www.imbrasas.com
  • Michael Reece at May 16, 2007 at 6:28 pm
    there's no especially sane way to extend the session cookie on a per-
    user basis that i have found.


    here is a hack that i am experimenting with:

        if ($c->login($username, $password)) {
            $c->session->{remember_me} = $c->req->params->{remember_me};
            # ...
        }

    and in package MyApp.pm (or a plugin or a subclass of the
    State::Cookie plugin or ...)

        sub calculate_session_cookie_expires {
            my $c = shift;
            return $c->session->{remember_me}
                ? time() + 60 * 60 * 24 * 90 # 90 days
                : $c->NEXT::calculate_session_cookie_expires(@_);
        }

    On May 15, 2007, at 6:47 PM, Evaldas Imbrasas wrote:
    > On 5/15/07, Jonathan Rockway wrote:
    > > Use the session plugin and set the session expiration to ... 1 week. If some
    > > data needs to expire sooner than that ... expire it sooner than that.
    > >
    > > Here's what I would do. Create a session and log the user in. Store a "last
    > > login" time in the user_class. If the last_login (or last_activity;
    > > whatever) is too long ago, delete data from the session and start over.
    >
    > Yep, makes sense. However, even in that case, I was hoping that the
    > standard session/auth plugins would support this functionality without
    > doing anything additional in my Controller::Auth, i.e.:
    >
    >     if ($c->req->params->{login_remember}) {
    >         $c->login($email, $password, $expires_long);
    >     } else {
    >         $c->login($email, $password, $expires_short);
    >     }
    >
    > Am I wrong in thinking that pretty much any decent login system has to
    > support this anyway?.. (This is my first Catalyst project, so I
    > wouldn't be surprised if there's a one-liner out there that would
    > solve this problem without a need for the above - sorry if that's the
    > case.)
    >
    > --
    > -----------------------------------------------------
    > Evaldas Imbrasas
    > http://www.imbrasas.com

    ---
    michael reece :: software engineer :: mreece@vinq.com
  • Kieren Diment at May 22, 2007 at 1:25 am

    On 17/05/07, Michael Reece wrote:
    > there's no especially sane way to extend the session cookie on a per-
    > user basis that i have found.
    >
    > here is a hack that i am experimenting with:
    >
    >     if ($c->login($username, $password)) {
    >         $c->session->{remember_me} = $c->req->params->{remember_me};
    >         # ...
    >     }
    >
    > and in package MyApp.pm (or a plugin or a subclass of the
    > State::Cookie plugin or ...)
    >
    >     sub calculate_session_cookie_expires {
    >         my $c = shift;
    >         return $c->session->{remember_me}
    >             ? time() + 60 * 60 * 24 * 90 # 90 days
    >             : $c->NEXT::calculate_session_cookie_expires(@_);
    >     }
    >
    > On May 15, 2007, at 6:47 PM, Evaldas Imbrasas wrote:
    > > On 5/15/07, Jonathan Rockway wrote:
    > > > Use the session plugin and set the session expiration to ... 1 week. If some
    > > > data needs to expire sooner than that ... expire it sooner than that.
    > > >
    > > > Here's what I would do. Create a session and log the user in. Store a "last
    > > > login" time in the user_class. If the last_login (or last_activity;
    > > > whatever) is too long ago, delete data from the session and start over.
    > >
    > > Yep, makes sense. However, even in that case, I was hoping that the
    > > standard session/auth plugins would support this functionality without
    > > doing anything additional in my Controller::Auth, i.e.:
    > >
    > >     if ($c->req->params->{login_remember}) {
    > >         $c->login($email, $password, $expires_long);
    > >     } else {
    > >         $c->login($email, $password, $expires_short);
    > >     }
    > >
    > > Am I wrong in thinking that pretty much any decent login system has to
    > > support this anyway?.. (This is my first Catalyst project, so I
    > > wouldn't be surprised if there's a one-liner out there that would
    > > solve this problem without a need for the above - sorry if that's the
    > > case.)

    In WIAB::Controller::User:

        sub auto : Private {
            my ($self, $c) = @_;
            $c->stash->{template} = 'login.tt';
            if(!$c->login()) {
                $c->stash->{message} = 'Please login.';
            }
            else {
                if ($c->req->param('public') ) {
                    $c->session_expire_key( __user => 600 );
                }
                $c->res->redirect($c->uri_for('/'));
            }
        }



    http://websiteinabox.googlecode.com/svn/trunk/WIAB/lib/WIAB/Controller/User.pm
  • Aristotle Pagaltzis at May 16, 2007 at 12:20 am

    * Evaldas Imbrasas [2007-05-16 00:55]:
    > Persistent login is the one that lasts longer than a session.
    > When a user logs in, she gets an option to be remembered for a
    > given period of time. If this user comes back within that
    > period of time, she is auto-logged in. A good example for this
    > is mail.yahoo.com.

    Just expire some keys earlier than others.

    Regards,
    --
    Aristotle Pagaltzis // <http://plasmasturm.org/>
  • Wade Stuart at May 15, 2007 at 11:51 pm

    "A. Pagaltzis" <pagaltzis@gmx.de> wrote on 05/15/2007 05:32:18 PM:

    > * Evaldas Imbrasas [2007-05-16 00:25]:
    > > I didn't find a Catalyst plugin that would transparently deal
    > > with persistent logins. Is there one? If not, what's the
    > > recommended way to enable persistent logins in a
    > > Catalyst-driven website?
    >
    > What's a persistent login?

    Aristotle is not being obtuse -- there is no one definition for
    "persistent login" in web apps -- what are you actually trying to do? How
    would _you_ define persistent logins (action, behavior, ...)?
