Nitrogen session
In all my nitrogen pages i use the following semantic :
main() ->
case wf:user() /= undefined of
true -> main_authorized();
false -> wf:redirect_to_login("/login")
end.
When the user is logged in and in a page containing a form if the session timeout he can still do the form post, leading to some issues on my website logic since an unlogged user should be redirected to login page, is there any way i can achieve this behavior without have to go throug开发者_StackOverflowh all my pages event function and look for this case?
Thanks in advance and regards
Nitrogen provides the application developer with the ability to define and set an authorization callback module.
Instead of having the main/0
logic you describe in each of your page handlers you can define an authorization handler like in the following Gist I wrote in February:
https://gist.github.com/830529
The init/2
function in the security_handler
callback module you define (assuming you hook it in upon startup with nitrogen:handler/2
) will be executed before the main/0
function in your page handler.
To be sure no part of the POST page handler is executed you should call wf:status_code/1
with 401 as argument. Then specify the appropriate login page is served on 401 responses as per your web server's configuration.
精彩评论