Nitrogen session

In all my Nitrogen pages I use the following semantics:

    main() ->
        case wf:user() /= undefined of
            true  -> main_authorized();
            false -> wf:redirect_to_login("/login")
        end.

When the user is logged in and on a page containing a form, if the session times out he can still do the form post, leading to some issues in my website logic, since a user who is not logged in should be redirected to the login page. Is there any way I can achieve this behavior without having to go through all my pages' event functions and look for this case?

Thanks in advance and regards


Nitrogen provides the application developer with the ability to define and set an authorization callback module.

Instead of having the main/0 logic you describe in each of your page handlers, you can define an authorization handler like in the following Gist I wrote in February: https://gist.github.com/830529

The init/2 function in the security_handler callback module you define (assuming you hook it in upon startup with nitrogen:handler/2) will be executed before the main/0 function in your page handler.

To be sure no part of the POST page handler is executed, you should call wf:status_code/1 with 401 as the argument. Then specify that the appropriate login page is served on 401 responses in your web server's configuration.
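A security handler of the kind described in the answer could look like the following. This is an added example, not the linked Gist or the answerer's code; the module name auth_security_handler and the list of public page modules (login, index) are assumptions.

```erlang
%% Added example: a central authorization check for every request.
%% Module name and PUBLIC_PAGES are assumptions, not from the original post.
-module(auth_security_handler).
-behaviour(security_handler).
-export([init/2, finish/2]).

%% Hypothetical page modules that anonymous visitors may reach.
%% Extend this list with whatever your site serves without a login.
-define(PUBLIC_PAGES, [login, index]).

%% Called by Nitrogen before the page module's main/0, so the check
%% lives in one place instead of in every page handler.
init(_Config, State) ->
    Page = wf:page_module(),
    Allowed = lists:member(Page, ?PUBLIC_PAGES)
        orelse wf:user() =/= undefined,
    case Allowed of
        true ->
            ok;
        false ->
            %% No logged-in user (for example, the session expired
            %% while a form was open): answer with 401 as the answer
            %% suggests, and let the web server map 401 to the login page.
            wf:status_code(401)
    end,
    {ok, State}.

finish(_Config, State) ->
    {ok, State}.

%% Hook it in with nitrogen:handler/2, as mentioned in the answer:
%%   nitrogen:handler(auth_security_handler, []).
```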
