Yeah, I'm using it in production, it works fine. You just can't test compiling
it from the command line, that's when you get the perl_hook error.
[EMAIL PROTECTED] (Spidaman The Defenestrator) wrote:
>
>I've been messing around with some wacky PerlAccessHandler and
>PerlAuthenHandler code lately, if Apache::AuthCookie is orphaned I might
>want to fix it up. Last I looked, it's tests choked on "Undefined
>subroutine &Apache::perl_hook" ...IIRC that means it's not current. Is
>anybody using it in production with recent mod_perl's??
>
>Meanwhile, back at the ranch...
>
>> Hi folks,
>>
>> I haven't gotten any response about this. My email to Eric Bartley
>> (the author of Apache::AuthCookie) bounced - does anyone know how to
>> contact him, or whether there's a new maintainer?
>>
>> If we can't find him, I suppose we should either make a new module
>> for this (Apache::CookieAuth?) or find a new maintainer for
>> AuthCookie.
>>
>>
>> [EMAIL PROTECTED] (Ken Williams) wrote:
>> >Hi mod_perl-ers,
>> >
>> >I've been working with the Apache::AuthCookie module, and have made a
>> >couple of modifications that make it more flexible. As an added
>> >benefit, the code is now shorter and simpler. =) I hereby submit the
>> >code for discussion and possible adoption by Eric. Patch attached.
>> >
>> >The motivation for this was that I wanted users to be able to access
>> >certain documents whether they're logged in or not. If they're logged
>> >in, they should get a customized version of the document (packages like
>> >HTML::Mason make this easy), and if they're not, they get a generic
>> >version. This required two changes:
>> >
>> > - Apache::AuthCookie should be able to recognize whether a user is logged
>> > in, *even for unprotected documents*.
>> >
>> > - Since a user can access a document regardless of whether he/she is
>> > logged in, and since the user should be able to log in at any time, the
>> > login procedure should be trigerrable by some means other than simply
>> > accessing a protected document.
>> >
>> >The key change is that there's now a URL (I've called it LOGIN) and
>> >corresponding method (Apache::AuthCookie->login()) that handles a
>> >user's initial login. After login, the user is redirected to the page
>> >they requested. This means that the authen() method doesn't have to
>> >implement such complicated logic anymore - if the user sent a cookie,
>> >check its validity. If not, redirect to the login form. That meant I
>> >could rip out a lot of the code from the authen() method.
>> >
>> >There's also a new recognize_user() method which checks to see whether
>> >a valid authentication cookie has been sent, and if so, sets
>> >$r->connection->user.
>> >
>> >
>> >As a bonus side-effect, AuthCookie can now authenticate even when the
>> >requested page URL has a non-empty query string (this has been a
>> >limitation of AuthCookie). This is because the redirection URL is now
>> >simply sent in the login form as a hidden field, so it can contain
>> >whatever query information it wants.
>> >
>> >
>> >It's important to note that these changes are not fully backward-compatible
>> >with previous versions. Some modifications will be required to adopters'
>> >..htaccess files and login forms. Here's what mine look like. The login
form
>> >can be on any page, allowing the user to log in at any time:
>> >
>> > <form action=LOGIN method=GET>
>> > <input type=hidden name=destination value="<% $current_url %>">
>> > <input type=hidden name=AuthType value="<% $r->auth_type %>">
>> > <input type=hidden name=AuthName value="<% $r->auth_name %>">
>> > username:<br> <input type=text name=credential_0 size=13><br>
>> > password:<br> <input type=password name=credential_1 size=13><br>
>> > <input type=submit name=submit value=login>
>> > </form>
>> >
>> >My .htaccess file (in a /listeners/ directory) is as follows. MMAuth is a
>> >subclass of Apache::AuthCookie, implementing the authen_cred() and
>> >authen_ses_key() methods.
>> >
>> >
>> > AuthType MMAuth
>> > AuthName Listener
>> > PerlSetVar ListenerPath /listeners/
>> > PerlSetVar ListenerLoginScript /listeners/login.pl
>> > PerlSetVar MMSessionExpiration 480
>> > PerlFixupHandler MMAuth->recognize_user
>> >
>> > <Files LOGIN>
>> > SetHandler perl-script
>> > PerlHandler MMAuth->login
>> > </Files>
>> >
>> > <Files ~ "^protected\.ma$">
>> > PerlAuthenHandler MMAuth->authen
>> > PerlAuthzHandler MMAuth->authz
>> > require valid-user
>> > </Files>
>> >
>> >Standard subclasses of Apache::AuthCookie should not require any
>> >changes unless they're wacky (i.e. change more than just the
>> >authen_cred() and authen_ses_key() methods).
>> >
>> >
>> >
>> > ------------------- -------------------
>> > Ken Williams Last Bastion of Euclidity
>> > [EMAIL PROTECTED] The Math Forum
>>
>> ------------- -------------
>> Ken Williams Tech Mirror Music
>> [EMAIL PROTECTED] http://www.mirrormusic.com
>>
>>
>>
>
>--
>Salon Internet http://www.salon.com/
> HTTP mechanic, Perl diver, Mebwaster, Some of the above
>Ian Kallen <[EMAIL PROTECTED]> / AIM: iankallen / Fax: (415) 354-3326
>
------------------- -------------------
Ken Williams Last Bastion of Euclidity
[EMAIL PROTECTED] The Math Forum
