create new tag
, view all tags

SmartSessionPlugin: Simple Installation Instructions

This is a start for simple step-by-step instructions how to use SmartSessionPlugin, which is an extended alternative to SessionPlugin.

Why to use it

  • To provide a way for logons to be remembered on all pages, even those that do not require a logon to view.
    • Other related topics for more details:
    • This is traditionally provided by things like the $doRememberRemoteUser setting in TWiki.cfg.
    • SmartSessionPlugin uses a different technology to keep this information persistent without having to record IP addresses or anything along those lines
    • SmartSessionPlugin can also plug in to a variety of authentication mechanisms
      • "Out of the box" it works well with Apache's "Basic Authentication." This is the authentication style that TWiki.org uses. It pops up a dialog box, requests a plaintext username and password, and authenticates through the web server. SmartSessionPlugin takes the hand-off from "Basic Authentication" and makes it persistent across pages that do not require authentication.
      • With some configuration, it can easily be used with other authentication methods. As long as authentication is done first and some token is passed on, SmartSessionPlugin can take the hand-off and make that authentication persistent.

  • To provide a way for TWiki pages to treat authenticated users differently than non-authenticated users.
    • Conditional tools within SmartSessionPlugin allow different content to be displayed to authenticated users than non-authenticated users on the same page.
    • Logon prompts can be given to non-authenticated users while user information and tools can be given to authenticated users.

  • To provide a way to store information persistently across a session.
    • SmartSessionPlugin creates a "session" which can be thought of as a visit-persistent memory source to TWiki pages and other TWiki plugins.
    • Preferences ("SKIN" is a good example) can then be set within the visit-persistent session memory that will change the look and feel of the TWiki site for the duration of the visit.

When it will not work for you (known limitations)

  • At the moment, problems with the TWiki core make the current release of SmartSessionPlugin unable to work with modperl or things like SpeedyCGI.
    • This is a problem with BeijingRelease
    • There is an easy-to-do hack to SmartSessionPlugin that will remove this limitation, but it is simply an ugly work-around to a known problem with BeijingRelease.
    • After more deliberation, this "hack" may be added to the standard release.
  • If the user does not enable per-session cookies, SmartSessionPlugin will by default start to pass session information at the end of every URL
    • URLs will thus look much more complicated as they will have a ?CGISESSID= following all of them and then a long stream of numbers and letters following that
    • If this is not desirable, this automatic rewrite of URLs can be disabled within the plugin, but session information will not be able to be communicated with the server and SmartSessionPlugin will be rendered useless for browsers with per-session cookies disabled.


  • CGI::Session
    • CGI::Session's primary dependecies are Digest::MD5 and Storable
    • Note that CGI::Session will then require a directory that is writable by the web server to store its session files. This, by default, is specified to be /tmp. To change this, the user must edit SessionPlugin.pm directly.

Installation of dependencies

Installation of Plugin

  • In lib/TWiki.cfg set $doRememberRemoteUser = 0
  • Untar SmartSessionPlugin.tgz into the twiki directory structure

Test if it works

  • Visit the TWiki/SessionPlugin topic and make sure that TWiki variables are being properly replaced
  • Testing authentication persistence:
    • Edit a TWiki topic (which requires logon) and add %WIKINAME% somewhere to the topic
    • View the topic after saving. %WIKINAME% should be replaced with the real WikiName of the person logged in and not "TWikiGuest".
    • Close the browser and open up a new browser visiting that page
    • Now the %WIKINAME% should be replaced by "TWikiGuest"
    • Edit the page, cancel the edit, and view again.
    • Now the %WIKINAME% should be replaced by the user name that just logged in.

What is different default Twiki install

How to use it in skins

Known bugs/workaround


(Please keep the text above in document mode if possible)

This is a start. I realized I need to read and re-read many pages and still am not sure how to use this cool plugin.

Ted, sorry I lack your deep understanding of plugins, Apache security, Twiki core, and cookies. I just need to know how to use it. I really appreciate what you did and like to use it, but cannot with simple easy to follow steps.

-- PeterMasiar - 02 Sep 2003

I've made some additions above. I'll try to update this page and keep instructions simple and brief.

-- TedPavlic - 02 Sep 2003

I fixed a link above. It's good to see this cookbook - per-user session handling is important to many possible new features, including per-user localisation (InternationalisationEnhancements), per-user TimeZones, personal skins, MyTWikiOrg, more friendly user authentication, etc.

-- RichardDonkin - 03 Sep 2003

Above link for one of the dependencies, MD5, isn't working (version 2.27). Hopefully, this plugin will work with the newer version of the MD5 Digest::MD5 version 2.33.

-- DavidLindstrom - 09 Dec 2003

I tried to use SmartSessionPlugin with the latest Cairo beta release (TWiki20031218beta). It just don't work. Are there plans to support Cairo release?

-- LarsUffmann - 05 Jan 2004

This is due to the changes in the Plugin API. (Actually the various changes break multiple plugins) I have modified Ted's SmartSessionPlugin such that it works with the current betas, and I fed patches back to him last year. I presume that he hasn't had the time to merge them. I have no inclination of taking up support of this plugin on TWiki.org, but thought you might appreciate a definitive answer - it's broke until someone chooses to maintain it on TWiki.org.

If you want a copy of my fixed version, feel free to contact me. I have no intention of posting it here. (Other people who want this working are more than welcome to ask me for the code, as long as they are willing to maintain it)

-- MS - 11 Feb 2004

Adding an earlyInitPlugin method fixed this problem for me:

sub earlyInitPlugin
    _init_preferences() or return 0;
    return 1;

I don't claim to know a lot about plugins and there is probably more to be done to fix this properly. I'm posting this here in case it's of use to anyone else.

-- PaulDoyle - 26 Aug 2004

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2004-08-26 - PaulDoyle
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.