RoxenCMS 5.4Web Developer ManualAccess Control Tags

   

<ac-add-identity>
<ac-add-ppoint>
<ac-change-handle>
<ac-change-name>
<ac-change-password>
<ac-cookie-auth>
<ac-cookie-logout>
<ac-disable-auths>
<ac-enable-auths>
<ac-remove-identity>
<ac-remove-ppoint>
<ac-set-identity-data>
<ac-set-membership>
<ac-set-permission>
<ac-update-identity>

<ac-cookie-auth/>

Provided by module: Access Control: Cookie HTTP authentication

Sets a login cookie from form variables.

If the username and password is correct, the <ac-cookie-auth> tag generates a random string using a generator that combines true randomness with pseudo random sequences. The random string is stored in the AC database, and sent to the browser in a cookie. This token is used when authenticating through the AC: Cookie HTTP authentication module. The token is stored in a cookie called RoxenACauth_[confighash] where confighash is a hash of the site's configuration name.

In addition to the attributes documented below, the tag also handles some of the attributes handled by <set-cookie>, namely domain, path, secure and httponly.

Note!

Unless SSL is used, this method has relatively low security; a token that may be used to get access to a protected resource is sent unencrypted over the network.
<form method="post"> Username: <input type="text" name="username"/> Password: <input type="password" name="password"/> <input type="submit"/> </form> <ac-cookie-auth username_variable="username" password_variable="password"/>

Attributes

username_variable="string"

Variable name in the form scope to read the username from.


password_variable="string"

Variable name in the form scope to read the password from.


persistent

If this attribute is present the cookie will be stored in the browser between browser sessions, otherwise the cookie will be removed when the browser session ends.


ok_var="name"

If authentication was successful the variable with the given name will be set in the form scope.