Documentation

[CGIscriptor.git] / Private / index.html

<html>
<head>
<title>
        Private data
</title>
<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/CGIscriptorSession.js"></SCRIPT>

window.onload = function() {
        loadSessionData (CGIscriptorSessionType, CGIscriptorChallengeTicket);
        return true;
};
 
</script>

<script type="text/javascript">
<SCRIPT TYPE="text/ssperl" SRC="./JavaScript/sha.js"></SCRIPT>
</script>
</head>
<body>
<p ALIGN=RIGHT><a href="?LOGOUT">Logout</a></p>
<p ALIGN=RIGHT><a href="ChangePassword.html">Change Password</a><br />
<a href="CreateUser.html">Create New User Account</a>
</p>

<h1 align=CENTER>Private data: You are now logged in as <em><script type="text/ssperl" CGI='$LOGINUSERNAME=""'>$LOGINUSERNAME</script></em></h1>
<p align=CENTER>Logged in from <script type="text/ssperl" CGI='$LOGINIPADDRESS="" $LOGINPATH="" $SESSIONTYPE @CAPABILITIES="TEST"'>
        my $Caps = "(".join(", ",@CAPABILITIES).")" if @CAPABILITIES;
        "$LOGINIPADDRESS $LOGINPATH <br />Session type: $SESSIONTYPE $Caps";
</script></p>
<p align=CENTER><a href="manual.html">Go to manual</a></p>

<A NAME="SESSIONTICKETS"><H2 ALIGN="CENTER">SERVER SIDE SESSIONS AND ACCESS CONTROL (LOGIN)</H2></A>
<p>
An infrastructure for user acount authorization and file access control
is available. Each request is matched against a list of URL path patterns.
If the request matches, a Session Ticket is required to access the URL.
This Session Ticket should be present as a CGI parameter or Cookie:
</p>
<p>
CGI: SESSIONTICKET=&lt;value&gt;<br />
Cookie: CGIscriptorSESSION=&lt;value&gt;</p>
<p>
The example implementation stores Session Tickets as files in a local
directory. To create Session Tickets, a Login request must be given 
with a LOGIN=&lt;value&gt; CGI parameter, a user name and a (doubly hashed)
password. The user name and (singly hashed) password are stored in a
PASSWORD ticket with the same name as the user account (name cleaned up 
for security).
</p>

</body>
</html>