[Catalyst] XML RPC : Authentication and Session

Nicolas Raspail nicolas.raspail at whisperingvault.net
Mon Aug 27 18:59:17 GMT 2007 

Nicolas Raspail a écrit :
> Quoting "J. Shirley" <jshirley at gmail.com>:
> 
>> On 8/24/07, Nicolas Raspail <nicolas at whisperingvault.net> wrote:
>>>
>>> Hello,
>>>
>>> I'm new in the Catalyst World and I'm trying to make my first app with
>>> it. But I have a
>>> problem with the session.
>>>
>>> I'm building an XML RPC server, and I want the users to be
>>> authenticated before using
>>> some commands. So I have created a controller (XMLRPC.pm) with the
>>> script and I have
>>> specified some commands iwth XMLRPCGlobal.
>>>
>>> At the beginning, the user must issue an RPC command named host_login,
>>> sending the
>>> username and the password. If the user exists, the function returns
>>> the sessionid that
>>> have been created after the authentification. this sessionid will be
>>> passed in argument
>>> in the next commands. But, that doesn't seem to work like this.
>>>
>>> Here is how I have implemented my RPC command :
>>>
>>> sub host_login : XMLRPCGlobal {
>>>          my ($self, $c, @args) = @_;
>>>
>>>          my $username = $args[0];
>>>          my $password = $args[1];
>>>
>>>          if ($c->authenticate({username => $username, password =>
>>> $password})) {
>>>                  $c->stash->{xmlrpc} = $c->sessionid;
>>>          } else {
>>>                  $c->stash->{xmlrpc} = 'KO';
>>>          }
>>>          $c->response->output('host_login');
>>> }
>>>
>>> But I don't know how to use this sessionid. If in an another RPC
>>> command, I call
>>> $c->session, it creates a new session, as if there is no more any
>>> session present.
>>>
>>> So, my question is how I can return a sessionid (or anything else)
>>> from a fisrt rpc
>>> command that authenticate the users, and use it in other commands to
>>> avoid sending again
>>> the username/password.
>>>
>>> Thanks
>>>
>>> Regards
>>>
>>> Nicolas
>>
>>
>>
>> Hi Nicolas,
>>
>> The session needs to have something that records state, such as a 
>> cookie, in
>> order to preserve across various requests.  For an RPC system, this is 
>> best
>> accomplished by using Catalyst::Plugin::Session::State::URI
>>
>> http://search.cpan.org/~nuffin/Catalyst-Plugin-Session-State-URI-0.07/lib/Catalyst/Plugin/Session/State/URI.pm 
>>
>>
>> Please read all the pod available there, as there are some other 
>> issues you
>> should be aware of (especially about session hijacking)
>>
>> Hope this helps!  And, you may want to look at Catalyst::Plugin::Server,
>> which makes the RPC handling much cleaner:
>> http://search.cpan.org/~michiel/Catalyst-Plugin-Server-0.24/lib/Catalyst/Plugin/Server.pm 
>>
>>
>> -J
>>
>> -- 
>> J. Shirley :: jshirley at gmail.com :: Killing two stones with one bird...
>> http://www.toeat.com
>>

Hi,

I'm struggling with Session URI and XML RPC with no sucess. I can't
figure out how this works. I'm using Data::Dumper to dump the value of
some catalyst and it seems that the session is not valid anymore in the
second RPC call.

Can anyone that is using XML RPC and session can explain me how to do
that please ?

Thanks

Nicolas

PS: I have made a mistake and send this email only to J. Shirley two 
time... Sorry

More information about the Catalyst mailing list