Apache 1.3.12
mod_ssl 2.6.4
OpenSSL 0.9.4
mod_perl 1.24
HTML::Embperl 1.3.3
Apache::Session 1.53
For site security I've implemented cookie-based access control in
the form of a PerlAccessHandler. This makes it easy to do things like
timeouts of sessions etc based on %udat values which can be set in the
normal operations of the embperl website.
Upon failure of the access handler, the login page is displayed via an
internal redirect with the usual apache config line of:
ErrorDocument 403 /login/index.html
This is all well and good. I can get to most of the parameters of the
original request within the login page via $req_rec->prev & friends.
For various reasons I need to get to the POST data of the original
request and pass this through to the target page.
Because the login page causes a new request upon submit, I need to get
to this data and make it available to the login page when it is first
loaded so it can store it in hidden variables (unless someone can
think of a better way?)
All calls to $r->args etc in the access handler either block or return
nothing so I'm assuming that either something has already taken the
data (in which case I need to know where to get it) or POST data isn't
available at that step of the apache execution chain ...
How can I get to the POST data from either the access handler or
internally redirected embperl login page?
Another issue is that I have to call
HTML::Embperl::Req::CleanupSession explicitly, even though the embperl
docs imply that this is not required for requests that proceed on to
Execute calls. Or does that only apply to content level
operations only? Whatever. There were session locking problems which meant
that this has to be here anyway.
I'm frantically trying to finish up a project so if anyone has any
light to shed on the subject that'd be great.
here's the important snippets of the access handler if anyone wants a peek:
use HTML::Embperl;
...
sub handler {
my $r = shift;
return DECLINED unless $r->is_main();
# get udat from Embperl's SetupSession - this will always return a
# valid hash containing at least _session_id if session handling is on.
my $udat = HTML::Embperl::Req::SetupSession($r);
return DECLINED unless $udat;
.. do checking of udat values ..
# There are semaphore locking "issues" in
# Apache::Session::LockSemaphore::acquire_write_lock line 100 which
# means that we must call this function even if we are proceeding on
# to Execute function ... (not as noted in perldoc HTML::Embperl?)
HTML::Embperl::Req::CleanupSession;
...
return OK;
}
Cheers,
--
Andrew O'Brien
[EMAIL PROTECTED]
http://www.switchonline.com.au./
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
