On Nov 26, 2007 6:12 PM, Alexander Burrows <[EMAIL PROTECTED]> wrote:
> Alright I have been sitting on the side lines of learning anything new about
> mod_perl for too long. So I hope I've come to the right place to get brushed
> up on things.

You have.  Welcome!

I don't write a lot of auth handlers, but here are some quick
observations on your code:

> sub handler {
>   my $r = Apache::Request->new(shift);
>
>   my $cookie = Apache::Cookie->fetch();
>
>   my %auth = $cookie->{'auth'}->value();
>
>   unless ( $auth{'id'} ) {
>     $r->headers_out->set(Location => '/sys-bin/login.cgi');
>     $r->status(REDIRECT);

Make sure you imported the REDIRECT constant.

>     return REDIRECT;
>     exit 1;

Don't use exit in mod_perl.  You don't want to shut down the web server.

I assume you're using apache 1.3 here, because you didn't use Apache2::Cookie.

You will eventually want to do more with the cookie to verify that it
came from you.  Usually people use some kind of HMAC for this.

Also, while I applaud your interest in learning to write custom auth
code, your needs sound pretty simple, and I bet you could use an
existing apache module for this.

- Perrin

Reply via email to