I should point out that there are actually two PostgreSQL Apache
authentication modules, mod_auth_pg and mod_auth_pgsql. It's mod_auth_pgsql
that allows for the where clause functionality that Jeff mentioned.
I have used both modules and prefer mod_auth_pg even though it seems to
have less 'features'.
They way I handle logouts is the same way I handle logouts for most of
my .htaccess enabled apps. My logout link sends a param called 'logout'
with the value of the current username ( $ENV{'REMOTE_USER'} ). The first
thing my app does is check for this parameter (logout) and compares it's
value with $ENV{'REMOTE_USER'}. If they match, I send an HTTP WWW-
Authenticate header, followed by the the html for a 'You have logged out
page'. This has the effect of popping up a new authentication window, at
which they can either enter a new username or press cancel to get the 'you
have logged out page'. The only issue i have with this method is that you
can't immediately log back in with the same username. So I provide a link
on my 'you have logged out' page to a 'fresh' page (passing no logout
parameter).
Christopher S. Hyne
http://www.chyne.com/
On Tue, 30 Apr 2002 12:05:24 -0300 (ADT), Jeff MacDonald
<[EMAIL PROTECTED]> wrote :
> Hi,
>
> I use it just to "protect" certain parts of my webserver, but not
> for actual web applications.
>
> Mod pg auth allows you to setup a where clause for authentication.
> so perhaps set a tag in the db called "logged out", and this only
> get's set to true when they login and enter the first screen of your
> application. all other screens would just check to see if it's true,
> but not bother setting it.
>
> something like that might work.
>
> jeff
>
> On Tue, 30 Apr 2002, Mark Stosberg wrote:
>
> >
> > Hello,
> >
> > Jesse has written on a number occassions about the merits of handling
> > authentication for web applications at a level seperate from the
> > application logic. While this system appealed to me, I could see how it
> > do it without using mod_perl. Today I ran across another possible
> > solution, The Apache mod_auth_pg module. It allows you to tie .htaccess
> > files into a Postgres database to handle user authentication.
> >
> > More info:
> > http://authpg.sourceforge.net/
> >
> > Has anyone tried this? How did it go? When you are using this kind of
> > system, how do you log someone out?
> >
> > Thanks,
> >
> > -mark
> >
> > http://mark.stosberg.com/
> >
> >
> > ---------------------------------------------------------------------
> > Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> ------
> Jeff MacDonald - Tsunamicreek IT Consulting
> http://www.tsunamicreek.com
> +1 902 542 2519
> [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
