The following diffs to the Session taglib package enable the
internal redirect to the login page. I've only tested them with
cookies-only sessions -- there may still be a problem with URL
sessions, but, if there is, the fix is trivial (I just checked
for and eliminated what I think was the bug there, but, as I
said, I haven't tested it).
Although I've made some changes that should be documented in the
POD, I've not yet added the doc changes.
Also, note that the eval in _get_session_from_store was
especially frustrating as it hid errors that occurred when
directories don't exist.
In that same vein, since the module uses $SessionDir/lock for the
lock directory without documenting this, it should at least attempt to
create the directory and die if it can't. This will probably be
included in my documentation patch.
And, J�rg, that HOWTO I promised should be forthcoming this
weekend along with the documentation updates.
Mark.
--
Find inner peace and ten thousand around you shall be saved.
-- St. Seraphim of Sarov
diff -ur lib/Apache/AxKit/Plugin/Session.pm~ lib/Apache/AxKit/Plugin/Session.pm
--- lib/Apache/AxKit/Plugin/Session.pm~ 2002-07-08 05:06:44.000000000 -0500
+++ lib/Apache/AxKit/Plugin/Session.pm 2002-10-01 01:53:35.000000000 -0500
@@ -20,7 +20,7 @@
use Apache::Constants qw(:common M_GET REDIRECT MOVED);
use Apache::URI ();
use Apache::Cookie;
-use Apache::RequestNotes;
+use Apache::Request;
use URI::Escape;
# store reason of failed authentication, authorization or login for later retrieval
@@ -104,10 +104,10 @@
return SERVER_ERROR;
}
- my $uri = uri_escape($r->uri);
- $authen_script =~ s/((?:[?&])destination=)/$1$uri/;
+ $authen_script .= "?".join("&",map{"$_=".$r->pnotes("INPUT")->get($_)}
+Apache::Request->instance($r)->param);
+
$self->debug(3,"Internally redirecting to $authen_script");
- $r->custom_response(FORBIDDEN, $authen_script);
+ $r->internal_redirect_handler($authen_script);
return FORBIDDEN;
}
# ____ End of login_form ____
@@ -130,9 +130,8 @@
#================
sub parse_input {
#----------------
- my $r = Apache->request();
- return if ($r->pnotes('INPUT'));
- Apache::RequestNotes::handler($r);
+ my $r = Apache->request;
+# We don't read the data here -- the init handler does it now.
$r->pnotes('INPUT',{}) unless $r->pnotes('INPUT');
$r->pnotes('UPLOADS',[]) unless $r->pnotes('UPLOADS');
$r->pnotes('COOKIES',{}) unless $r->pnotes('COOKIES');
@@ -452,7 +451,7 @@
my $mr = $r;
$mr = $mr->prev while ($mr->prev);
$mr = $mr->main while ($mr->main);
- $destination = $mr->uri;
+ $destination = $mr->uri.($mr->args?"?".$mr->args:"");
}
$self->debug(1,"destination = '$destination'");
@@ -697,10 +696,21 @@
}
# ____ End of import ____
-$redirect_location ||= '/redirect';
-if (!defined $AxKit::Cfg) {
- my $self = __PACKAGE__;
- $self->initialize_url_sessions($redirect_location);
+BEGIN{
+ $redirect_location ||= '/redirect';
+ use Apache;
+ my $r = Apache->request;
+ my $self = __PACKAGE__;
+ unless ($Apache::AxKit::Plugin::Session::UseURLSessions eq "NO") {
+ push @Apache::ReadConfig::PerlTransHandler, $self.'->translate_session_uri';
+ }
+ $Apache::ReadConfig::Location{$redirect_location} =
+ {
+ 'SetHandler' => 'perl-script',
+ 'PerlHandler' => $self.'->fixup_redirect',
+ };
+ push @Apache::ReadConfig::ErrorDocument, [ 302, $redirect_location ];
+ push @Apache::ReadConfig::ErrorDocument, [ 301, $redirect_location ];
}
#
@@ -833,6 +843,7 @@
$r->dir_config->get($auth_name.'ManagerArgs'),
};
};
+ die "_get_session_from_store: $@" if $@;
return $session;
}
@@ -873,7 +884,7 @@
#// retrieve session from a previous internal request
$session = $mr->pnotes('SESSION') if $mr->pnotes('SESSION');
- $self->debug(3,"checkpoint beta, session={".join(',',keys %$session)."}");
+ $self->debug(3,"checkpoint beta, session={".join(',',keys %$session)."}");
#// create/retrieve session, providing parameters for several common session
managers
if (!keys %$session) {
$session = $self->_get_session_from_store($r,$session_id);
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
