CGI::Application::PlCGI::Application::Plugin::Authentication::Store::Cookie(3)NAMECGI::Application::Plugin::Authentication::Store::Cookie - Cookie based
Store
VERSION
This document describes CGI::Application::Plugin::Authentication
version 0.20
SYNOPSIS
use base qw(CGI::Application);
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
__PACKAGE__->authen->config(
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
);
DESCRIPTION
This module uses a cookie to store authentication information across
multiple requests. It works by creating a cookie that contains the
information we would like to store (like the name of the user that is
currently authenticated), and then base64 encoding the data. In order
to ensure that the information is not manipulated by the end-user, we
include a CRC checksum that is generated along with our secret. Since
the user does not know the value of the secret, they will not be able
to recreate the checksum if they change some of the values, so we will
be able to tell if the information in the cookie has been manipulated.
THE SECRET
Choosing a good secret
An easy way to generate a relatively good secret is to run the
following perl snippet:
perl -MDigest::MD5=md5_base64 -l -e 'print md5_base64($$,time(),rand(9999))'
Just use the resulting string as your secret.
Configuring the secret
There are three ways that you can provide a secret to the module:
Hardcode the secret
You can hardcode a secret right in the
CGI::Application::Plugin::Authentication::Store::Cookie module, so
that you don't have to remember to provide one every time you use
the module. Just open the source in a text editor and look at the
top of the file where it defines 'our $SECRET' and follow the
instruction listed there.
Provide the SECRET option when using the module
You can also just provide the secret as an option when using the
module using the SECRET parameter.
__PACKAGE__->authen->config(
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone"],
);
Let the module choose a secret for you
And lastly, if you forget to do either of these, the module will
use the name of your application as the secret, but that is not a
very good value to use, so a warning will be spit out everytime it
uses this. This is the least desirable choice, and is only
included as a last resort.
DEPENDENCIES
This module requires the following modules to be available.
MIME::Base64
Digest::SHA
CGI::Cookie
METHODS
fetch
This method accepts a list of parameters and fetches them from the
cookie data.
save
This method accepts a hash of parameters and values and stores them in
the cookie data.
delete
This method accepts a list of parameters and deletes them from the
cookie data.
initialize
This method will check for an existing cookie, and decode the contents
for later retrieval.
cookie_name
This method will return the name of the cookie
SEE ALSO
CGI::Application::Plugin::Authentication::Store,
CGI::Application::Plugin::Authentication, perl(1)AUTHOR
Cees Hek <ceeshek@gmail.com>
LICENCE AND COPYRIGHT
Copyright (c) 2005, SiteSuite. All rights reserved.
This module is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
DISCLAIMER OF WARRANTY
BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER
PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR, OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
perl v5.14.1CGI::Application::Plugin::Authentication::Store::Cookie(3)