R: [Chameleon] Chameleon authorization

Julien-Samuel Lacroix jlacroix at mapgears.com
Thu Oct 12 10:08:34 EDT 2006 

Can you please had a note in the bug with your version of Chameleon and 
the system you have. That way we'll have another test case to reproduce 
this.

Julien

gianluigi nozza wrote:
> I didn't realize that chameleon should have a garbage collection feature
> capable of erase expired session (based upon the value of
> session.gc_maxlifetime in php.ini). I also have seen that the garbage
> collection process has a default probability of 1/100 to start each time a
> session is started, but even setting the probability to 100/100 apparently
> garbage collection never starts (so you have to delete old sessions
> manually). I have seen some post in the past already stating the problem. As
> far as I know no bug report is opened about, maybe the DM solution team
> could verify ?
> 
> -----Messaggio originale-----
> Da: Julien-Samuel Lacroix [mailto:jlacroix at mapgears.com] 
> Inviato: mercoledì 11 ottobre 2006 17.50
> A: gianluigi nozza
> Cc: chameleon at lists.maptools.org
> Oggetto: Re: [Chameleon] Chameleon authorization
> 
> Hi,
> Chameleon should delete old session itself based on the session 
> parameters in php.ini. If not, please open a bug.
> 
> One thing you can do is to set the Visible or Enabled parameter in your 
> widgets based on the user logged. I know someone already did that, but 
> don't remember who.
> 
> Julien
> 
> gianluigi nozza wrote:
> 
>>Hi all,
>>
>>I took a look to the sample_user and sample_admin phtml files to try a 
>>simple authorization feature in Chameleon. I was able to setup a demo 
>>application with authorization capabilities but I found that destroing 
>>sessions (for example when you clean the tmp directory) also destroy the 
>>sql_lite dbase in wich passwords are probably stored, so I have modified 
>>the examples above to write and read files in another directory. It 
>>works ! so I can clean up the tmp directory without having to define 
>>each time the authorized users.
>>
>>Is it a correct approach ? or for some reason I can’t figure out, the 
>>dbase must reside in the tmp directory ?
>>
>>Another question; at this point, when you have authorized an user, how 
>>can you provide different functionality to your application ? I have 
>>seen that one approach could be serving different templates based upon 
>>the user name logged, but this of corse requires a lot of customization 
>>work. Other approaches ?
>>
>>Gianluigi
>>
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Chameleon mailing list
>>Chameleon at lists.maptools.org
>>http://lists.maptools.org/mailman/listinfo/chameleon
> 
> 

-- 
Julien-Samuel Lacroix
Mapgears
http://www.mapgears.com/

More information about the Chameleon mailing list