Re: odd authentication situation

The client only sends basic auth credentials when requested. So if you have an authorization handler that might validate a cookie and return OK before basic auth credentials are requested of the client, then you will need to set $r->user from that handler for it to be accessible later on down the chain.

Regards,
Tim Tompkins
--
Programmer
http://www.arttoday.com/
http://www.rebelartist.com/
--
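The situation described in the reply above, as an added example that is not code from this thread: a mod_perl 1 PerlAuthenHandler that accepts a signed cookie in place of the Basic challenge and records the identity itself through $r->connection->user, the accessor used elsewhere in the thread. The module name, cookie format, secret and Mock request object are assumptions, and the OK/DECLINED constants stand in for Apache::Constants so the file also runs outside Apache.

```perl
#!/usr/bin/perl
package My::CookieAuthen;               # hypothetical module name
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
# Under mod_perl 1 these come from: use Apache::Constants qw(OK DECLINED);
use constant { OK => 0, DECLINED => -1 };

my $SECRET = 'PLACEHOLDER-server-side-secret';

# Assumed cookie format: session=<user>:<hex HMAC-SHA256(user, secret)>
sub user_from_cookie {
    my ($header) = @_;
    return undef unless defined $header;
    my ($user, $mac) =
        $header =~ /(?:^|;\s*)session=([\w.-]+):([0-9a-f]{64})(?:;|$)/
        or return undef;
    my $want = hmac_sha256_hex($user, $SECRET);
    my $diff = 0;                       # compare every byte, no early exit
    $diff |= ord(substr $mac, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. 63;
    return $diff ? undef : $user;
}

# Install as PerlAuthenHandler. A valid cookie means no Basic challenge is
# sent, so the handler must record the identity itself; otherwise it declines
# and the next authentication handler (Basic) challenges the client.
sub handler {
    my $r    = shift;
    my $user = user_from_cookie($r->header_in('Cookie'));
    return DECLINED unless defined $user;
    $r->connection->user($user);        # later phases and REMOTE_USER read this
    return OK;
}

# Constructed stand-in for the request object so the file runs outside Apache.
package Mock;
sub new        { my ($class, $cookie) = @_; bless { cookie => $cookie }, $class }
sub header_in  { $_[0]{cookie} }
sub connection { $_[0] }
sub user       { my $self = shift; $self->{user} = shift if @_; $self->{user} }

package main;
my $forged = 'session=alice:' . ('0' x 64);
my $valid  = 'session=alice:' . Digest::SHA::hmac_sha256_hex('alice', $SECRET);
for my $cookie ($valid, $forged, undef) {          # constructed inputs
    my $r  = Mock->new($cookie);
    my $rc = My::CookieAuthen::handler($r);
    printf "%-8s user=%s\n", $rc == 0 ? 'OK' : 'DECLINED', $r->user // '(unset)';
}
```

Only the correctly signed cookie yields OK with the user set; the forged and missing cookies are declined with no user recorded, which leaves the Basic challenge to establish the identity.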
Re: odd authentication situation

Peter wrote:

> Maybe you can try to add specifically:
> $r->connection->user('who_the_user_is') before the cookie access control
> returns OK in the module. Note that some of the cookie authentication
> modules are based on "access-only" control so $r->connection->user() can
> return a value in late phases only if one assigns it in the first place.

Point of clarification... The authentication I'm writing about is BASIC AUTHENTICATION. Apache takes care of all of that. It appears as though the client is not sending it, but I don't know why ... and if not, how it manages to pass the authentication portion of the Apache request loop.

The example I'm using does the following:

.htaccess

    AuthType Basic
    AuthName MagicName
    AuthUserFile /home/web/public_html/cgi/private/user.access
    require valid-user

scriptA.plx -> redirect to scriptB.plx
scriptB.plx -> redirect to scriptA.plx CONDITIONALLY

If the CONDITION is met, the redirect is not done, i.e. cookie present + "user" present.

What happens:

scriptA always has ENV{REMOTE_USER} and $r->connection->user valid
scriptB rarely has them both valid

Either script can set the same cookie if it is not present. The cookie is always present for scriptA and usually but not always present for scriptB.

WHY???

Michael
Re: odd authentication situation

> Maybe you can try to add specifically:
> $r->connection->user('who_the_user_is') before the cookie access
> control returns OK in the module. Note that some of the cookie
> authentication modules are based on "access-only" control so
> $r->connection->user() can return a value in late phases only if one
> assigns it in the first place.
>
> Peter Bi

Hmm... let me see if I understand what you are saying.

It is necessary to specify $r->connection->user('current-known-user'); before I send OK so that on the next contact by the browser to the web server $r->connection->user will have the correct value???

Is this because of keep-alives and using the same child process?? I would think that the client would send the token for each connection.

Then what about the cookie?? It appears that gets lost sometimes, but not as often as the authentication token.

This "fuzzy" behavior makes redirects where cookies and tokens are expected very dicey...

Michael

> ----- Original Message -----
> From: "Michael Robinton" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 28, 2002 1:05 PM
> Subject: odd authentication situation
>
> > I have a modperl handler that sets a cookie and does a redirect if the
> > cookie was not present. The redirected page eventually loads the same page
> > again. In addition, this page is called from a protected portion of the
> > site that requires Basic Auth.
> >
> > When the redirect calls the mod_perl routine the second or "some"
> > subsequent times, $r->connection->user and $ENV{REMOTE_USER} are both
> > empty or non-existent yet the page does not appear to fail the
> > authentication request and executes and returns html.
> >
> > The failure is repeatable though not consistently so, maybe 70% or more.
> >
> > I'm scratching my head on this one. Any ideas??
> >
> > Michael
Re: odd authentication situation

Maybe you can try to add specifically: $r->connection->user('who_the_user_is') before the cookie access control returns OK in the module. Note that some of the cookie authentication modules are based on "access-only" control so $r->connection->user() can return a value in late phases only if one assigns it in the first place.

Peter Bi

----- Original Message -----
From: "Michael Robinton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 28, 2002 1:05 PM
Subject: odd authentication situation

> I have a modperl handler that sets a cookie and does a redirect if the
> cookie was not present. The redirected page eventually loads the same page
> again. In addition, this page is called from a protected portion of the
> site that requires Basic Auth.
>
> When the redirect calls the mod_perl routine the second or "some"
> subsequent times, $r->connection->user and $ENV{REMOTE_USER} are both
> empty or non-existent yet the page does not appear to fail the
> authentication request and executes and returns html.
>
> The failure is repeatable though not consistently so, maybe 70% or more.
>
> I'm scratching my head on this one. Any ideas??
>
> Michael