On Nov 26, 2007 6:12 PM, Alexander Burrows <[EMAIL PROTECTED]> wrote:
> Alright I have been sitting on the side lines of learning anything new about
> mod_perl for too long. So I hope I've come to the right place to get brushed
> up on things.
You have. Welcome!
I don't write a lot of auth handlers, but here are some quick
observations on your code:
> sub handler {
> my $r = Apache::Request->new(shift);
>
> my $cookie = Apache::Cookie->fetch();
>
> my %auth = $cookie->{'auth'}->value();
>
> unless ( $auth{'id'} ) {
> $r->headers_out->set(Location => '/sys-bin/login.cgi');
> $r->status(REDIRECT);
Make sure you imported the REDIRECT constant.
> return REDIRECT;
> exit 1;
Don't use exit in mod_perl. You don't want to shut down the web server.
I assume you're using apache 1.3 here, because you didn't use Apache2::Cookie.
You will eventually want to do more with the cookie to verify that it
came from you. Usually people use some kind of HMAC for this.
Also, while I applaud your interest in learning to write custom auth
code, your needs sound pretty simple, and I bet you could use an
existing apache module for this.
- Perrin
