[Catalyst] New Auth/Session Stuff
Christopher H. Laco
claco at chrislaco.com
Wed Nov 30 14:55:03 CET 2005
So last night, I started working on my little 1 person photo gallery app
in Cat. In my App.pm file, I loaded:

Authentication
Authentication::Store::Minimal
Authentication::Credential::Password
Authorization::Roles
Session
Session::State::Cookie
Session::Store::File

Everything Just Worked. Bravo to everyone involved. I spent more time
installing PREREQS than I did getting login/logout auth+session into my
Catalyst app. That's a very very good thing.

Now, on to the questions! :-)

First, after I call $c->login(id, pass), I have a user hash object and
on further requests, it comes from the session.
Just out of curiosity under TT, [% c.user.id %] returns nothing but
[% c.user.password %] returns the password. Is this a bug?

Second, is there any reason why the password needs to be stored in the
session information? That seems like a dangerous and unnecessary thing
by default. If one needs the password, they should be able to get it from
get_user instead. I would think it's somewhat safer to rely on the Store
for passwords, and not have them floating around the session stores.
Maybe that depends on the store.

I haven't tried it yet, but I would think I could just set
$c->user->{password} to nothing to remove it from the store?

Thanks,
-=Chris
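
Added example (not part of the original post, and not code from Catalyst or its plugins): a sketch of the second question's concern, showing a user hash serialized into a session with and without the password, and the credential being fetched from the store again when needed. %USER_STORE, session_view and restore_user are hypothetical names, the user record is constructed, and Storable stands in for whatever serialization a session store uses.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(nfreeze thaw);

# Constructed stand-in for an authentication store keyed by user id.
# (Hypothetical data; a real app would hold a password hash, not plaintext.)
my %USER_STORE = (
    chris => { id => 'chris', password => 's3cret-example', roles => ['admin'] },
);

# Only these fields may ever be written to the session (allowlist).
my @SESSION_FIELDS = qw(id roles);

# Hypothetical helper: allowlisted copy of the user for session storage.
# Copying avoids mutating the live user object the rest of the request uses.
sub session_view {
    my ($user) = @_;
    my %view = map { $_ => $user->{$_} }
               grep { exists $user->{$_} } @SESSION_FIELDS;
    return \%view;
}

# Hypothetical helper: look the full record up again using the session's id.
sub restore_user {
    my ($session_user) = @_;
    return $USER_STORE{ $session_user->{id} };
}

my $user = $USER_STORE{chris};

# What a file-backed session store would write to disk in each case.
my $naive = nfreeze({ user => $user });
my $safe  = nfreeze({ user => session_view($user) });

printf "naive session contains password: %s\n",
    index($naive, $user->{password}) >= 0 ? 'yes' : 'no';
printf "safe session contains password:  %s\n",
    index($safe, $user->{password}) >= 0 ? 'yes' : 'no';

# On a later request: thaw the session, and go back to the store only when
# the credential is actually needed.
my $from_session = thaw($safe)->{user};
my $full         = restore_user($from_session);
printf "restored id=%s roles=%s; password available from store: %s\n",
    $from_session->{id}, join(',', @{ $from_session->{roles} }),
    defined $full->{password} ? 'yes' : 'no';
```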