Nitrogen session
In all my Nitrogen pages I use the following semantics:

    main() ->
        case wf:user() /= undefined of
            true  -> main_authorized();
            false -> wf:redirect_to_login("/login")
        end.

When the user is logged in and on a page containing a form, if the session times out he can still do the form post, leading to some issues in my website logic, since a user who is not logged in should be redirected to the login page. Is there any way I can achieve this behavior without having to go through all my pages' event functions and look for this case?

Thanks in advance and regards
Comments (1)
Nitrogen provides the application developer with the ability to define and set an authorization callback module.

Instead of having the main/0 logic you describe in each of your page handlers, you can define an authorization handler like in the following Gist I wrote in February: https://gist.github.com/830529

The init/2 function in the security_handler callback module you define (assuming you hook it in upon startup with nitrogen:handler/2) will be executed before the main/0 function in your page handler. To be sure no part of the POST page handler is executed you should call wf:status_code/1 with 401 as argument. Then specify that the appropriate login page is served on 401 responses as per your web server's configuration.
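
A sketch of such a handler, added here as an example (it is neither the Gist linked above nor Nitrogen's own code). The module name session_guard and the public page module login are assumptions, as is the {ok, State} return shape of the security_handler callbacks; the 401 handling follows the approach the answer describes.

```erlang
%% Added example: one central authorization check for every request,
%% replacing the wf:user() test repeated in each page's main/0.
%% Assumed names: module session_guard, public page module login.
%% Hook it in at startup with nitrogen:handler(session_guard, []).
-module(session_guard).
-behaviour(security_handler).
-export([init/2, finish/2]).

%% Page modules reachable without a session (assumption: only the login page).
-define(PUBLIC_PAGES, [login]).

%% Runs before the page module's main/0, as the answer states, so form
%% posts sent after a session timeout pass through this check as well.
init(_Config, State) ->
    Public = lists:member(wf:page_module(), ?PUBLIC_PAGES),
    case Public orelse wf:user() /= undefined of
        true ->
            ok;
        false ->
            %% No logged-in user (never authenticated or session expired):
            %% answer 401 and let the web server serve the login page for it.
            wf:status_code(401)
    end,
    {ok, State}.

%% Nothing to clean up after the page has rendered.
finish(_Config, State) ->
    {ok, State}.
```

The public-page list keeps the login page itself reachable; any page added later is protected by default unless it is listed there.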