>you can set these in yourself by overwriting
>the AuthCookie Response method
>
>you should catch these in your
>own subs and send back messages
>
>for instance
>in my Auth.pm authen_ses_key sub
[ snip ]
In addition to that, what I found confusing was actually getting authen_ses_key to be
called in the first place, after a failed login attempt.
The stock authen_cred returns data that will be loaded into a cookie only if
authentication is successful. To get authen_ses_key to be called after an
unsuccessful attempt, your authen_cred needs to do this:
if ( check_creds() ) {
# make a ticket, start a session, etc
return $valid_ticket_data;
}
else {
return "oops"; # make sure we never accept this as a valid cookie!
}
Now authen_ses_key gets called and AuthCookie will set AuthCookieReason to bad_cookie
if you return undef. Also, you now have a chance to set other environment variables.
...Steve
--
Steve van der Burg
Information Services
London Health Sciences Centre
(519) 685-8300 ext 35559
[EMAIL PROTECTED]
