Thanks Perrin for the reply.

I have seen some mods out there that sound like they will do what I want but
as of yet I have not found any god examples of them. I'm one of those people
who really needs to see a working practical use of the application as the
perldocs tend to be a bit ambiguous to me.

Also what is HMAC?

-Alexander


Perrin Harkins wrote:
> 
> On Nov 26, 2007 6:12 PM, Alexander Burrows <[EMAIL PROTECTED]> wrote:
>> Alright I have been sitting on the side lines of learning anything new
>> about
>> mod_perl for too long. So I hope I've come to the right place to get
>> brushed
>> up on things.
> 
> You have.  Welcome!
> 
> I don't write a lot of auth handlers, but here are some quick
> observations on your code:
> 
>> sub handler {
>>   my $r = Apache::Request->new(shift);
>>
>>   my $cookie = Apache::Cookie->fetch();
>>
>>   my %auth = $cookie->{'auth'}->value();
>>
>>   unless ( $auth{'id'} ) {
>>     $r->headers_out->set(Location => '/sys-bin/login.cgi');
>>     $r->status(REDIRECT);
> 
> Make sure you imported the REDIRECT constant.
> 
>>     return REDIRECT;
>>     exit 1;
> 
> Don't use exit in mod_perl.  You don't want to shut down the web server.
> 
> I assume you're using apache 1.3 here, because you didn't use
> Apache2::Cookie.
> 
> You will eventually want to do more with the cookie to verify that it
> came from you.  Usually people use some kind of HMAC for this.
> 
> Also, while I applaud your interest in learning to write custom auth
> code, your needs sound pretty simple, and I bet you could use an
> existing apache module for this.
> 
> - Perrin
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Auth-Question-need-some-input-tf4878626.html#a13984614
Sent from the mod_perl - General mailing list archive at Nabble.com.

Reply via email to