> > > -----Original Message-----
> > > From: will trillich [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, April 30, 2001 9:44 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: PerlAccessHandler -- struggling and drowning
>
> > > this is a PerlAccessHandler, which should check for the existence
> > > of a cookie in the incoming headers, and if not there (or
> > > expired) it should redirect the browser to a login area that
> > > takes name/password pair, and if valid, would then return the
> > > browser to the original URL. to do that, as we issue the
> > > 'redirect to the login area' we set a cookie containing the URL
> > > to return to.
>
> > I can't say as I've had any problems using
> > err_headers_out->add("Set-Cookie") with any browsers. I'm
> surprised to hear
> > that you've had problems with it.
>
> even DURING a redirect? i seem to have hit a chord here, as
> i'm getting lots of "me too" in my mailbox.
Even during a redirect. The following works for me (in a PerlInitHandler
NOT a PerlAccessHandler) with lynx (2.7) just fine.
$r->err_headers_out->add('Location' => $dest);
$r->err_headers_out->add('Set-Cookie' => $cookie);
$log->debug("Authentication successful. Redirecting to $dest");
return REDIRECT;
> > You might simply try giving up the use of
> > a cookie for this, and encode the return URL in a query
> string instead.
> > This is guaranteed to work regardless of browser, but
> you'll have to pass
> > this information between pages (a reasonable trade off for
> choosing to
> > support silly browsers, I suppose).
>
> something else i'm trying now is
>
> $r->set_handlers(PerlHandler => undef);
> $r->push_handlers( PerlHandler => sub { ...print "<meta
> http-equiv...
This ought to work and is a little more conceptually clean that what you
were trying to accomplish with redirects and printing content in the
PerlAccessHandler. Still, my gut feeling is that it's better to move the
handler up the chain to a PerlInitHandler and do simple redirects there.
Obviously it's preferable to perform access checks in PerlAccessHandlers,
but sometimes you do need to set a cookie when doing redirects.
> but THIS for some reason redirects the browser back to itself,
> instead of to the login area. the protected area is "/protected"
> and the login area is "/login" so the http-equiv tag looks like
> <meta http-equiv="Refresh" content="0;
http://www.fricking-site.com/login";>
but it cycles back to www.cannot-get-in.com/protected instead... !
Are you setting HTTP headers?
