1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>1.4.1 Module</title>
<META NAME="description" CONTENT="1.4.1 Module">
<META NAME="keywords" CONTENT="lib">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="STYLESHEET" href="lib.css" type='text/css'>
<link rel="first" href="lib.html">
<link rel="contents" href="contents.html" title="Contents">
<LINK REL="next" HREF="node13.html">
<LINK REL="previous" href="module-CookieSessionAuthenticate.html">
<LINK REL="up" href="module-CookieSessionAuthenticate.html">
<LINK REL="next" HREF="node13.html">
<meta name='aesop' content='information'>
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="module-CookieSessionAuthenticate.html"><img src="../icons/previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="module-CookieSessionAuthenticate.html"><img src="../icons/up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A HREF="node13.html"><img src="../icons/next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">CherryPy Standard Library Reference</td>
<td><A href="contents.html"><img src="../icons/contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="module-CookieSessionAuthenticate.html">1.4 CookieSessionAuthenticate </A>
<b class="navlabel">Up:</b> <a class="sectref" href="module-CookieSessionAuthenticate.html">1.4 CookieSessionAuthenticate </A>
<b class="navlabel">Next:</b> <a class="sectref" HREF="node13.html">1.4.2 Example</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
<H2><A NAME="SECTION003410000000000000000">
1.4.1 Module</A>
</H2>
A cookie-based authentication allows website users to login/logout using a username and a password.
<P>
While they are logged in, their session information is stored on their computer via a cookie.
<P>
If they are inactive for too long, they are automatically logged out.
<P>
This module provides an easy to use implementation of a cookie-based authentication.
<P>
This module is quite different from the <var>CookieAuthenticate</var> module because
the login/password is only checked once (when the user first loggs in) and then
the fact that this user is logged in is stored as a session.
<P>
To use this module, you have to declare a CherryClass that inherits from <var>CookieSessionAuthenticate</var>, and all your masks
and views will be automatically protected.
<P>
To perform this magic, <var>CookieSessionAuthenticate</var> uses AOP (aspect oriented programming). This basically means
that it will add some extra code at the beginning of each of your masks and views.
<P>
You may use the following variables and methods:
<P>
<dl><dt><b><a name="l2h-20"><tt class="member">variable: sessionIdCookieName</tt></a></b>
<dd>
String containing the name of the cookie where the <var>login/session</var> informations are stored. (default value is <var>CherrySessionId</var>)
</dl>
<dl><dt><b><a name="l2h-21"><tt class="member">variable: timeout</tt></a></b>
<dd>
Integers containing the timeout in minutes. If the user is inactive for that time, it will
automatically be logged out. Default value ie 60. Set it to 0 if you want no timeout.
</dl>
<P>
<dl><dt><b><a name="l2h-22"><tt class="function">function: checkLoginAndPassword</tt></a></b>(<var>login, password</var>)
<dd>
This is where you specify what the valid login/password combinations are.
This method should return None if the login/password are ok and an error message such as "Wrong login/password" or "Account disabled" if
the login/password are not ok.
</dl>
<P>
<dl><dt><b><a name="l2h-23"><tt class="function">mask or view: loginScreen</tt></a></b>(<var>message, fromPage, login=''</var>)
<dd>
This is the page that is displayed when the user tries to access a protected page without being logged in.
<P>
<var>message</var> is a string containing the reason why no user is logged in. Possible values are:
<UL>
<LI><b>timeoutMessage</b>: This means that someone was logged in, but they remained inactive for too long
</LI>
<LI><b>wrongLoginPasswordMessage</b>: This means that someone is trying to log in, but the login and password they
entered are incorrect
</LI>
<LI><b>noCookieMessage</b>: This means that no informations are available: this is probably the first time the
user is coming here
</LI>
</UL>
<P>
<var>fromPage</var> is a string containing the URL of the page the user was trying to access.
<P>
<var>login</var> is a string containing the login of the user if any. If the string is not empty, it means that
the user already entered a login, but the password was incorrect, or that the user had a cookie with the login in it.
This allows to display the login in the form so the user doesn't have to enter it each time.
<P>
The CherryClass comes with a default <var>loginScreen</var> mask. You'll probably want to overwrite it to customize it for
your needs. All you have to do is define a form that calls the <var>doLogin</var> method with 3 parameters:
<var>login</var>, <var>password</var> and <var>fromPage</var>. The first two are entered by the user. The third one should be a hidden
field with the value that's passed to the function.
<P>
The following code is the default implementation of the <var>loginScreen</var> mask:
<div class="verbatim"><pre>
<html><body>
Message: <div py-eval="message">message</div>
<form method="post" action="doLogin">
Login: <input type=text name=login py-attr="login" value="" length=10><br>
Password: <input type=password name=password length=10><br>
<input type=hidden name=fromPage py-attr="fromPage" value=""><br>
<input type=submit>
</form>
</body></html>
</pre></div>
</dl>
<P>
<dl><dt><b><a name="l2h-24"><tt class="function">mask or view: logoutScreen</tt></a></b>()
<dd>
This page is displayed after the user logged out. This method is called by the <var>doLogout</var> method.
You may overwrite it to suit your needs.
</dl>
<P>
<dl><dt><b><a name="l2h-25"><tt class="function">view: doLogout</tt></a></b>()
<dd>
This is the mask or view you should call to perform a logout. This method performs the logout, and then calls
the <var>logoutScreen</var> method to display the logout screen.
</dl>
<P>
<dl><dt><b><a name="l2h-26"><tt class="member">variable: request.login</tt></a></b>
<dd>
String containing the login of the user that is logged in. The string is empty if no-one is logged in. The reason this is stored in the <var>request</var> global variable is to make it thread-safe.
</dl>
<P>
<div class="seealso">
<p class="heading"><b>See Also:</b></p>
<dl compact class="seemodule">
<dt>Module <b><tt class="module"><a href="module-CookieAuthenticate.html">CookieAuthenticate</a></tt>:</b>
<dd>Cookie-based authentication.
</dl>
<dl compact class="seemodule">
<dt>Module <b><tt class="module"><a href="module-HttpAuthenticate.html">HttpAuthenticate</a></tt>:</b>
<dd>Basic HTTP authentication.
</dl>
</div>
<P>
<DIV CLASS="navigation">
<p><hr>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="module-CookieSessionAuthenticate.html"><img src="../icons/previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="module-CookieSessionAuthenticate.html"><img src="../icons/up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A HREF="node13.html"><img src="../icons/next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">CherryPy Standard Library Reference</td>
<td><A href="contents.html"><img src="../icons/contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="module-CookieSessionAuthenticate.html">1.4 CookieSessionAuthenticate </A>
<b class="navlabel">Up:</b> <a class="sectref" href="module-CookieSessionAuthenticate.html">1.4 CookieSessionAuthenticate </A>
<b class="navlabel">Next:</b> <a class="sectref" HREF="node13.html">1.4.2 Example</A>
<hr>
<span class="release-info">Release 0.10, documentation updated on 19 March 2004.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
|
