On Friday 17 January 2003 00:32, Mark A. Hershberger wrote:
> Regarding the "credential_0" found in Jörg's Session taglib,
>
> Kjetil writes:
> > I'll try to look into that. As I said, I use Mark's patches, so
> > there may be something there.
>
> I did not add the credential_0 part.  Jörg didn't write it (or, at
> least it wasn't original with him).

I see!

> I spent several weeks trying to get the Session taglib working
> (Right: I have no life) and did a bit of archeology on the taglib and
> its origins.

Hehe, at least when there is somebody around who can say that, it might 
help me... :-)

> To understand the taglib, you should be familiar with the module
> Apache::AuthCookie and Apache::AuthCookieURL as well.  Reading the
> documentation for Apache::AuthCookie, you'll see the following:

OK, I've looked. 

> * login()
>     This method handles the submission of the login form. It
>     will call the authen_cred() method, passing it $r and all the
>     submitted data with names like "credential_#", where # is a
>     number. These will be passed in a simple array, so the prototype
>     is $self->authen_cred($r, @credentials). After calling
>     authen_cred(), we set the user's cookie and redirect to the URL
>     contained in the "destination" submitted form field.
>
> That is the origin of the credential_0 bit and also why I suspect you
> are having problems with your code.  The taglib was built to work
> with forms and you don't have any.  Expect problems.

That's very interesting. Thanks so much.

There's one thing I noted in there, I've been confused about the use of 
the 403 for a while, and now it seems it originates there too:
"The method should return OK on success and FORBIDDEN on failure.", but 
this seems to me to be a violation of RFC 2616 (the HTTP 1.1 spec), 
< http://www.w3.org/Protocols/rfc2616/rfc2616.html >
"10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. 
Authorization will not help and the request SHOULD NOT be repeated."
But here we are trying to get people authorized, so a "go away" message 
is inappropriate.... :-) Anybody have views to share on this? 

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
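
The `credential_#` hand-off quoted from the Apache::AuthCookie documentation above, as an added stand-alone Perl example that is not part of the original message and is not the module's own code. `collect_credentials`, the sample account, the secret and the HMAC session-key format are assumptions for illustration; the two methods only mirror the documented argument shapes, so the script runs without mod_perl.

```perl
# Added example: model of the credential_# hand-off; not Apache::AuthCookie source.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-secret';     # assumption: server-side MAC key
my %USERS  = (kjetil => 'constructed-pw');  # constructed account, demo only

# Hypothetical stand-in for the collection step: pick out credential_<n>
# fields and order them numerically (credential_10 sorts after credential_2).
sub collect_credentials {
    my (%form) = @_;
    my %by_index;
    for my $name (keys %form) {
        $by_index{ $1 + 0 } = $form{$name} if $name =~ /\Acredential_(\d+)\z/;
    }
    return map { $by_index{$_} } sort { $a <=> $b } keys %by_index;
}

# Same argument shape as $self->authen_cred($r, @credentials).
# Returns a session key on success and nothing on failure.
sub authen_cred {
    my ($self, $r, @credentials) = @_;
    my ($user, $password) = @credentials;
    return unless defined $user && defined $password;
    return unless exists $USERS{$user} && $USERS{$user} eq $password;
    return join ':', $user, hmac_sha256_hex($user, $SECRET);
}

# Same argument shape as $self->authen_ses_key($r, $session_key): the user
# name is returned only if the MAC matches, so an edited cookie is rejected.
sub authen_ses_key {
    my ($self, $r, $key) = @_;
    my ($user, $mac) = split /:/, $key // '', 2;
    return unless defined $mac && $mac eq hmac_sha256_hex($user, $SECRET);
    return $user;
}

# Constructed submissions: one from a login form, and one request that
# carries no credential_# fields (no form, as discussed in the thread).
my %with_form = (destination => '/protected/', credential_1 => 'constructed-pw',
                 credential_0 => 'kjetil');
my %no_form   = (destination => '/protected/');
for my $case ([form => \%with_form], [no_form => \%no_form]) {
    my ($label, $form) = @$case;
    my $key  = authen_cred('main', undef, collect_credentials(%$form));
    my $user = defined $key ? authen_ses_key('main', undef, $key) : undef;
    printf "%-8s key=%s user=%s\n", $label, $key // '(none)', $user // '(none)';
}
```

The second case shows why code that never submits `credential_#` fields cannot obtain a session key from a handler built on this contract.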

