NAME

Apache::SiteControl::UserFactory - User factory/persistence

DESCRIPTION

This class is responsible for creating user objects (see Apache::SiteControl::User) and managing the interfacing of those objects with a persistent session store. The default implementation uses Apache::Session::File to store the various attributes of the user to disk.

If you want to do your own user management, then you should leave the User class alone, and subclass only this factory. The following methods are required:

sub makeUser($$) - This method is called with the Apache Request object and
the desired user name. It must create and return an instance of
Apache::SiteControl::User (using new...See User), and store that information (along with
the session key stored in cookie format in the request) in some sort of
permanent storage.  This method is called in response to a login, so it should
invalidate any existing session for the given user name (so that a user can be
logged in only once).  This method must return the key to use as the browser
session key, or undef if it could not create the user.

sub findUser($$) - This method is passed the apache request and the session
key (which you defined in makeUser).  This method is called every time a
"logged in" user makes a request. In other words the user objects are not
persistent in memory (each request gets a new "copy" of the state). This method
uses the session key (which was stored in a browser cookie) to figure out what
user to restore. The implementation is required to look up the user by the
session key, recreate a Apache::SiteControl::User object and return it. It must restore
all user attributes that have been saved via saveAttribute (below). 

sub invalidate($$) - This method is passed the apache request object and a
previously created user object. It should delete the user object from permanent
store so that future request to find that user fails unless makeUser has been
called to recreate it. The session ID (which you made up in makeUser) is
available from $user->{sessionid}.

sub saveAttribute($$$) - This method is automatically called whenever a user 
has a new attribute value. The incoming arguments are the apache request, the
user object, and the name of the attribute to save (you can read it with
$user->getAttribute($name)). This method must save the attribute in a such a
way that later calls to findUser will be able to restore the attribute to the
user object that is created. The session id you created for this user (in
makeUser) is available in $user->{sessionid}.

Apache Config Directives

AccessControllerDebug  (default 0): Debug mode

AccessControllerLocks  (default /tmp): Where the locks are stored

AccessControllerSessions (default /tmp): Where the session data is stored

AccessControllerUserFactory (default: Apache::SiteControl::UserFactory): The module

UserObjectSaveOtherCredentials (default: 0): Indicates that other form data
   from the login screen (credential_2, credential_3, etc.) should be saved
   in the session data. The keys will be credential_2, etc.  name of the
   user factory to use when making user objects. These are useful if your
   web application has other login choices (i.e. service, database, etc.)
   that you need to know about at login.

UserObjectSavePassword (default 0): Indicates that the password should be
   saved in the local session data, so that it is available to other parts
   of the web app (and not just the auth system). This might be necessary if
   you are logging the user in and out of services on the back end (like in
   webmail and database apps).

UserObjectPasswordCipher (default CAST5): The CBC cipher used for encrypting
   the user passwords in the session files (See Crypt::CBC for info on
   allowed ciphers...this value is passed directly to Crypt::CBC->new). If
   you are saving user passwords, they will be encrypted when stored in the
   apache session files. This gives a little bit of added security, and
   makes the apache config the only sensitive file (since that is where you
   configure the key itself) instead of every random session file that is
   laying around on disk. Unfortunately, I have not found a consistent
   way to initialize this from a random source that I like, since web apps
   often run in mulitple separate processes. This is on the TODO list. For
   now, see UserObjectPasswordKey.
   
UserObjectPasswordKey: The key to use for encryption of the passwords in the
   session files. See UserObjectPasswordCipher above.

AUTHOR

This module was written by Tony Kay, <tkay@uoregon.edu>.

COPYRIGHT AND LICENSE

To install Apache::SiteControl::User, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Apache::SiteControl::User

CPAN shell

perl -MCPAN -e shell
install Apache::SiteControl::User

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

Apache Config Directives

SEE ALSO

AUTHOR

COPYRIGHT AND LICENSE

Module Install Instructions