> Maybe you can try to add specifically:
> $r->connection->user('who_the_user_is') before the cookie access
> control returns OK in the module. Note that some of the cookie
> authentication modules are based on "access-only" control so
> $r->connection->user() can return a value in late phases only if one
> assigns it at the first place.
>
>
> Peter Bi
>
hmm... let me see if I understand what you are saying....
It is necessary to specify $r->connection->user('current-known-user');
before I send OK so that on the next contact by the browser to the web
server $r->connection->user will have the correct value???
Is this because of keep-alives and using the same child process??
I would think that the client would send the token for each connection.
.... then what about the Cookie?? It appears that gets lost sometimes,
but not as often as the authentication token. This "fuzzy" behavior makes
redirects where cookies and tokens are expected very dicey...
Michael
> ----- Original Message -----
> From: "Michael Robinton" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 28, 2002 1:05 PM
> Subject: odd authetication situation
>
>
> >
> > I have a modperl handler that sets a cookie and does a redirect if the
> > cookie was not present. The redirected page eventually loads the same
page
> > again. In addition, this page is called from a protected portion of
the
> > site that requires Basic Auth.
> >
> > When the redirect calls the mod_perl routine the second or "some"
> > subsequent times, $r->connection->user and $ENV{REMOTE_USER} are both
> > empty or non-existent yet the page does not appear to fail the
> > authentication request and executes and returns html.
> >
> > The failure is repeatable though not consistently so, maybe 70% or
more.
> >
> > I'm scratching my head on this one. Any ideas??
> >
> > Michael
