Cheers Fellas, this was the bit I was concerned about.

Apache::AuthCookie, looked a little bloated to me,
however I'm a big fan of only inventing new types of
wheels not old so I'll revisit...

Regards

Marty


 --- Michael J Schout <[EMAIL PROTECTED]> wrote: 
> On Wed, 10 Nov 2004, Skylos wrote:
>
> > it could go...
> >
> > -> GET content from myserver port 80
> > <- 403 errordocument login form
> > -> POST credentials to myserver port 443
> > <- Location http://myserver/content
> > <- Set-Cookie: ticket=gooduser; Domain=myserver; Path=content;
> > -> GET content from myserver port 80
> > <- 403 errordocument login form
> >
> > And the question would be... Why would the browser say GET without the
> > cookie attached?
> >
> > It could be... because it didn't get the cookie from myserver:80 - it
> > got it from myserver:443 - and the security settings of the browser
> > say, 'enable only for the originating web server'
>
> The port numbers do not matter at all.  There are a number of things you
> need to be aware of for cookies to work properly in this scenario.
>
> - If you want the cookie to be presented over non-SSL connections, you
>    need to make sure that AuthNameSecure is not turned on in AuthCookie.
>    The "Secure" setting tells the browser to only send the cookie over
>    SSL connections.
>
> - If you're using MSIE, you also need to properly create a P3P policy,
>    otherwise MSIE might not return the cookie (depending on security
>    settings).  The way you create a P3P policy is beyond the scope of
>    this email.  In AuthCookie you can do this with something like:
>
>    PerlSetVar AuthNameP3P "CP=\"ALL DSP ...\""
>
>    but you need to read up on P3P to know what the value should be.
>
> But there is no problem issuing cookies on HTTPS and having the browser
> return them over non SSL provided that the "Domain" parameter of the
> cookie is properly set, and the "Secure" setting is turned off.
>
> Regards,
> Michael Schout
> -- 
> Report problems: http://perl.apache.org/bugs/
> Mail list info:
> http://perl.apache.org/maillist/modperl.html
> List etiquette:
> http://perl.apache.org/maillist/email-etiquette.html
> 
>  


        
        
                
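The cookie-return rules discussed in this thread, as an added example that is not part of the original messages and is not Apache::AuthCookie code: a simplified Python model of the browser-side check, following the RFC 6265 domain, path and Secure matching rules. The `Cookie` class, the function names and the sample URLs are constructed for illustration, and the path is written as `/content` with a leading slash.

```python
# Added illustration: simplified model of a browser's cookie-return decision.
# All names and sample values here are constructed, not taken from AuthCookie.
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str              # Domain attribute, or the setting host if absent
    path: str = "/"
    secure: bool = False     # the "Secure" attribute
    host_only: bool = False  # True when the server sent no Domain attribute


def domain_match(host: str, cookie: Cookie) -> bool:
    host, dom = host.lower(), cookie.domain.lower().lstrip(".")
    if cookie.host_only:
        return host == dom
    return host == dom or host.endswith("." + dom)


def path_match(req_path: str, cookie_path: str) -> bool:
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        # "/content" covers "/content/x" but not "/contents"
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False


def would_send(cookie: Cookie, url: str) -> bool:
    u = urlsplit(url)
    # u.port is never consulted: cookies are not scoped by port number.
    if cookie.secure and u.scheme != "https":
        return False
    return (domain_match(u.hostname or "", cookie)
            and path_match(u.path or "/", cookie.path))


# Constructed sample: the ticket issued by the HTTPS login POST on port 443.
# With Secure off it is also sent over plain HTTP, i.e. in cleartext.
TICKET = Cookie("ticket", "gooduser", domain="myserver", path="/content")
TICKET_SECURE = Cookie("ticket", "gooduser", domain="myserver",
                       path="/content", secure=True)

if __name__ == "__main__":
    for url in ("http://myserver:80/content", "https://myserver:443/content"):
        print(url, would_send(TICKET, url), would_send(TICKET_SECURE, url))
```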