[Catalyst] XML RPC : Authentication and Session

J. Shirley jshirley at gmail.com
Fri Aug 24 17:31:02 GMT 2007

On 8/24/07, Nicolas Raspail <nicolas at whisperingvault.net> wrote:
> Hello,
> I'm new in the Catalyst World and I'm trying to make my first app with
> it. But I have a
> problem with the session.
> I'm building an XML RPC server, and I want the users to be
> authenticated before using
> some commands. So I have created a controller (XMLRPC.pm) with the
> script and I have
> specified some commands iwth XMLRPCGlobal.
> At the beginning, the user must issue an RPC command named host_login,
> sending the
> username and the password. If the user exists, the function returns
> the sessionid that
> have been created after the authentification. this sessionid will be
> passed in argument
> in the next commands. But, that doesn't seem to work like this.
> Here is how I have implemented my RPC command :
> sub host_login : XMLRPCGlobal {
>          my ($self, $c, @args) =3D @_;
>          my $username =3D $args[0];
>          my $password =3D $args[1];
>          if ($c->authenticate({username =3D> $username, password =3D>
> $password})) {
>                  $c->stash->{xmlrpc} =3D $c->sessionid;
>          } else {
>                  $c->stash->{xmlrpc} =3D 'KO';
>          }
>          $c->response->output('host_login');
> }
> But I don't know how to use this sessionid. If in an another RPC
> command, I call
> $c->session, it creates a new session, as if there is no more any
> session present.
> So, my question is how I can return a sessionid (or anything else)
> from a fisrt rpc
> command that authenticate the users, and use it in other commands to
> avoid sending again
> the username/password.
> Thanks
> Regards
> Nicolas

Hi Nicolas,

The session needs to have something that records state, such as a cookie, in
order to preserve across various requests.  For an RPC system, this is best
accomplished by using Catalyst::Plugin::Session::State::URI


Please read all the pod available there, as there are some other issues you
should be aware of (especially about session hijacking)

Hope this helps!  And, you may want to look at Catalyst::Plugin::Server,
which makes the RPC handling much cleaner:


-- =

J. Shirley :: jshirley at gmail.com :: Killing two stones with one bird...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070824/44145=

More information about the Catalyst mailing list