I'm considering use of Apache::AuthCookie in my environment. Here's the
problem I need to solve. I'm not certain if AuthCookie will, without
modification, support my needs.

  1. Authentication cookies are doled out from a centralized server that is
     out of my control and cannot be modified to suit my local needs (if
     any).

  2. If the cookie is not present when a user hits my site, I redirect to
     the centralized server and leave breadcrumbs in the redirect for the
     cookie server to redirect back to me after giving out the cookie.

  3. I need to parse the cookie to determine validity and populate certain
     environmental variables.

  4. I cannot modify the cookie and should not send additional cookies.

I know that AuthCookie in combination with a locally-written subclass to
implement the authen_ses_key method will handle needs 1-3. I'm uncertain
about 4. Can I use an unmodified AuthCookie to ensure that whatever format
the inbound cookie is in is sufficient and will not need to be modified or
supplemented? I believe the answer is no, and, if it is, should AuthCookie
be modified to handle this?

Thanks,
Christian

-----------------
Christian Gilmore
Technology Leader
GeT WW Global Applications Development
IBM Software Group
