Erlyweb authentication questions

ste...@gmail.com

May 7, 2007, 12:46:46 AM
to erlyweb
Hi,

I read recently that chitter (erlang twitter clone) would be a good
tutorial for Erlyweb so I started writing it. Currently I have a
public timeline and a form for posting new messages. But, I have no
authentication logic so the form trusts that you are entering your
real username. Clearly I want to fix that (as well as add user pages)
but I haven't run into any examples in erlyweb of how the
authentication model works and was hoping somebody here could point me
in the right direction.

Thanks,
Steve Jenson

Roberto Saccon

May 7, 2007, 2:39:10 AM
to erlyweb
The authentication logic I would place into the before_call/2
controller hook.

The most simple approach for authentication logic you will find at
http://yaws.hyber.org/session.yaws; just set the cookie session when
the user successfully logs in.

If you want more security, but https is not an option, there exist
some JavaScript-based challenge-response methods, e.g.
http://www.pajhome.org.uk/crypt/md5/auth.html

Roberto

Yariv Sadan

May 8, 2007, 12:15:27 PM
to erl...@googlegroups.com
Instead of using before_call/2, I prefer checking if the user is
logged in (using a randomly generated session key) in the app
controller's hook/1 function. If he is, I add the tuple {user,
SessionData} to the arg's opaque list. Then, all functions that get
the arg as a parameter can check the opaque list for the session data.

Yariv

Mike Pence

May 8, 2007, 12:28:53 PM
to erl...@googlegroups.com
Way to take the initiative, Steve. This is a deadline week for me, so
I have been swamped.

Mike Pence

ste...@gmail.com

May 9, 2007, 3:21:05 AM
to erlyweb
Disregard that last post, I wasn't updating the Arg record properly.
Now I'm on track. Such an obvious blunder (I tried to set it in-place)
means it's bedtime.

thx,
steve

On May 8, 9:15 am, "Yariv Sadan" <yari...@gmail.com> wrote:
> Instead of using before_call/2, I prefer checking if the user is
> logged in (using a randomly generated session key) in the app
> controller's hook/1 function. If he is, I add the tuple {user,
> SessionData} to the arg's opaque list. Then, all functions that get
> the arg as a parameter can check the opaque list for the session data.
>
> Yariv
>
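
The hook/1 approach Yariv describes, with the Arg record-update detail Steve mentions, as an added example that is not part of the original thread and not ErlyWeb's own code. It assumes the session was created at login with yaws_api:new_cookie_session/1 (the session.yaws mechanism linked earlier in the thread); the module name chitter_app_controller, the cookie name "sid" and the helper function names are hypothetical.

```erlang
%% Added example; module, cookie and helper names are assumptions.
-module(chitter_app_controller).
-export([hook/1, current_user/1]).

%% #arg{} and #headers{} come from Yaws; adjust the include path to your install.
-include("yaws_api.hrl").

-define(COOKIE, "sid").

%% ErlyWeb calls hook/1 on every request. Returning {ewc, A1} hands the
%% NEW arg to the components; the original A is never modified.
hook(A) ->
    {ewc, attach_session(A)}.

%% Resolve the session cookie on the server side. Only a key the Yaws
%% session server knows yields {user, SessionData}; a missing, expired or
%% made-up key leaves the request anonymous.
attach_session(A) ->
    Cookies = (A#arg.headers)#headers.cookie,
    case yaws_api:find_cookie_val(?COOKIE, Cookies) of
        [] ->
            A;
        Sid ->
            case yaws_api:cookieval_to_opaque(Sid) of
                {ok, SessionData} ->
                    Opaque = without_user(A#arg.opaque),
                    %% Records are immutable: this builds a new #arg{},
                    %% which must be the one returned from hook/1.
                    A#arg{opaque = [{user, SessionData} | Opaque]};
                {error, _Reason} ->
                    A
            end
    end.

%% Drop any earlier {user, _} entry so exactly one identity is present.
without_user(Opaque) when is_list(Opaque) ->
    [E || E <- Opaque, not is_user(E)];
without_user(_) ->
    [].

is_user({user, _}) -> true;
is_user(_) -> false.

%% For controller functions: take the identity from the opaque list,
%% never from a username field submitted with the form.
current_user(A) ->
    case lists:keysearch(user, 1, A#arg.opaque) of
        {value, {user, SessionData}} -> {ok, SessionData};
        false -> anonymous
    end.
```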

ste...@gmail.com

May 11, 2007, 12:55:03 AM
to erlyweb
Hi Yariv,

I attempted to use your login controller[1] but it crashes my yaws
instance with a strange error:

=ERROR REPORT==== 10-May-2007::21:51:35 ===
Yaws process died: {function_clause,[{yaws_server,binary_size,[187,
{}]},
{yaws_server,binary_size,2},
{yaws_server,deliver_accumulated,
5},
{yaws_server,finish_up_dyn_file,
2},
{yaws_server,aloop,3},
{yaws_server,acceptor0,2},
{proc_lib,init_p,5}]}

Are there parts of that code I should update for the latest version of
erlyweb?

Thanks,
Steve

[1] http://yarivsblog.com/articles/2007/01/11/erlyweb-tutorial-creating-a-simple-login-page/

On May 8, 9:15 am, "Yariv Sadan" <yari...@gmail.com> wrote:

> Instead of using before_call/2, I prefer checking if the user is
> logged in (using a randomly generated session key) in the app
> controller's hook/1 function. If he is, I add the tuple {user,
> SessionData} to the arg's opaque list. Then, all functions that get
> the arg as a parameter can check the opaque list for the session data.
>
> Yariv
>
