Apache-AxKit-Plugin-Session


lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

use vars qw($redirect_location);

# Compile-time setup: load the mod_perl helper modules this package relies on
# and set the package version.
BEGIN {
    use Apache::Table;
    use Apache::Session::File;
    # Imports the :common and :response constant groups (OK, REDIRECT,
    # FORBIDDEN, ... are used further down in this file).
    use Apache::Constants qw(:common :response);
    # Numeric literal: at run time this value stringifies as "1", not "1.00".
    our $VERSION = 1.00;
}

#######################################################
# this code comes from Apache::AuthCookieURL (modified)
#

use mod_perl qw(1.24 StackedHandlers MethodHandlers Authen Authz);
use Apache::Constants qw(:common M_GET REDIRECT MOVED);
use Apache::URI ();
use Apache::Cookie;
use URI::Escape;
use URI;

# store reason of failed authentication, authorization or login for later retrieval
#======================
sub orig_save_reason ($;$) {
#----------------------
    my ($self, $error_message) = @_;
    $self->debug(3,"======= save_reason(".join(',',@_).")");
    my $r = Apache->request();

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

    }
    if ($r->pnotes('INPUT') && $r ne $or) {
            $or->pnotes('INPUT',$r->pnotes('INPUT'));
            $or->pnotes('UPLOADS',$r->pnotes('UPLOADS'));
            $or->pnotes('COOKIES',$r->pnotes('COOKIES'));
            $or->pnotes('COOKIES',{}) unless $or->pnotes('COOKIES');
	    return;
    }

    my %cookies;
    my %cookiejar = Apache::Cookie->new($r)->parse;
    foreach (sort keys %cookiejar) {
        my $cookie = $cookiejar{$_};
        $cookies{$cookie->name} = $cookie->value;
    }
    $or->pnotes('COOKIES',\%cookies);
    $r->pnotes('COOKIES',$or->pnotes('COOKIES')) if ($r ne $or);

    # avoid parsing the input so later modules can modify it
    return if (!$full);
    return if $r->pnotes('INPUT');

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN


#====================
sub send_cookie($@) {
#--------------------
    # Build the auth/session cookie from the caller's settings plus the
    # per-directory configuration and queue it on the response.
    #
    # Arguments: $self, followed by key/value cookie settings (name, value,
    # path, expires, domain, secure, ...) which are handed to
    # Apache::Cookie->new.
    # Returns early, without sending anything, when <AuthName>NoCookie is set.
    my ($self, %settings) = @_;

    # NOTE(review): the full argument list, including any cookie value, goes
    # to the debug output here and the finished cookie string is logged again
    # at the end; at debug level 3 a session key can end up in the logs.
    $self->debug(3, "======= send_cookie(" . join(',', @_) . ")");

    my $r         = Apache->request();
    my $auth_name = $r->auth_name || 'AxKitSession';
    my $auth_type = $r->auth_type || __PACKAGE__;

    if ($r->dir_config($auth_name . 'NoCookie')) {
        return;
    }

    # Cookie name is "<auth_type>_<auth_name>" plus an optional caller suffix.
    my $name_suffix = $settings{name} || '';
    $settings{name} = $auth_type . '_' . $auth_name . $name_suffix;

    # Attributes the caller did not pass are taken from <AuthName>Path,
    # <AuthName>Expires, <AuthName>Domain and <AuthName>Secure. The Secure
    # flag is therefore only present when one of the two supplies it.
    foreach my $option (qw{Path Expires Domain Secure}) {
        my $key = lc $option;
        next if exists $settings{$key};

        my $configured = $r->dir_config($auth_name . $option);
        $settings{$key} = $configured if $configured;
        delete $settings{$key} unless defined $settings{$key};
    }

    # A path is needed so the cookie is returned when the url is munged.
    $settings{path} = '/' unless $settings{path};
    # NOTE(review): without a configured domain the request hostname is used.
    # An explicit Domain attribute generally makes browsers send the cookie to
    # subdomains as well - confirm that this scope is intended.
    $settings{domain} = $r->hostname unless $settings{domain};

    my $cookie = Apache::Cookie->new($r, %settings);
    # NOTE(review): bake presumably already emits a Set-Cookie header; if so,
    # the explicit add below sends the cookie a second time - confirm against
    # the installed Apache::Cookie.
    $cookie->bake;
    my $header_value = $cookie->as_string;
    $r->err_headers_out->add("Set-Cookie" => $header_value);

    $self->debug(3, 'Sent cookie: ' . $cookie->as_string);
}
# ____ End of send_cookie ____



#=============
sub key ($) {
#-------------

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

# subclass this one if you want to invalidate a session db
# entry or something like that
#================
sub orig_logout ($$) {
#----------------
    # Log the client out: overwrite the auth cookie with an empty value and
    # optionally redirect.
    #
    #   $self     - handler class/object (debug and send_cookie are called on it)
    #   $r        - request object
    #   $location - optional redirect target; when the argument is omitted
    #               entirely, <AuthName>LogoutURI from the configuration is used
    #
    # Returns REDIRECT (with a Location header set) when a target is known,
    # OK otherwise. Nothing in this sub touches server-side session data; the
    # cookie is only replaced.
    my ($self, $r, $location) = @_;
    $self->debug(3, "======= logout(" . join(',', @_) . ")");

    my $auth_name = $r->auth_name || 'AxKitSession';
    my $auth_type = $r->auth_type || __PACKAGE__;    # not used below

    # Replace the auth cookie with an empty one.
    $self->send_cookie(value => '');

    # Responses are marked uncacheable unless <AuthName>Cache is configured.
    if (!$r->dir_config($auth_name . 'Cache')) {
        $r->no_cache(1);
    }

    # Only fall back to the configured URI when no third argument was passed;
    # an explicit false/undef location suppresses the redirect.
    if (@_ < 3) {
        $location = $r->dir_config($auth_name . 'LogoutURI');
    }

    # Cleared so the error document does not add the session prefix back.
    $r->notes('SESSION_URLPREFIX', '');

    if ($location) {
        # NOTE(review): $location is written to the Location header as given;
        # a caller passing a request-derived value has to validate it first.
        $r->header_out(Location => $location);
        return REDIRECT;
    }
    return OK;
}
# ____ End of logout ____

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

            $self->debug(1,"user authenticated as $auth_user. Exiting Authen.");

            # Clean up the path by redirecting if cookies are in use and valid
            if ($r->pnotes('COOKIES') && $r->pnotes('COOKIES')->{$auth_type.'_'.$auth_name} &&
                $r->pnotes('COOKIES')->{$auth_type.'_'.$auth_name} eq $session &&
                $r->notes('SESSION_URLPREFIX')) {

                my $uri = $r->uri;
                $uri .= '?'.$r->args if $r->args;
                my $query = $self->save_params($uri);
                $self->debug(3,"URL and Cookies are in use - redirecting to '$query'");

                # prevent the error_document from adding the session back in.
                $r->notes('SESSION_URLPREFIX', undef );

                return $self->external_redirect($query);
            }

            return OK;

        } else {

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

    };
    push @Apache::ReadConfig::ErrorDocument, [ 302, $redirect_location ];
    push @Apache::ReadConfig::ErrorDocument, [ 301, $redirect_location ];
}
# ____ End of import ____

# Default location of the redirect handler, used unless the package variable
# was already set (for example from a <Perl> section in the server config).
# The value is interpolated unquoted into a regex in authorize
# (m/^$redirect_location(\/|$)/), so regex metacharacters in it are treated
# as pattern syntax.
$redirect_location ||= '/redirect';
#__PACKAGE__->initialize_url_sessions($redirect_location) if ($Apache::Server::Starting);

#
# end of AuthCookieURL.pm
#######################################################

sub has_permission {
    # Decide whether the current request may access $attr_target by issuing
    # an internal subrequest for it.
    #
    #   $r           - request object (uri and lookup_uri are called on it)
    #   $attr_target - target URI, absolute or relative to the current URI
    #
    # Returns true when the target resolves to the current URI or when the
    # subrequest's status is 200, false otherwise.
    my ($r, $attr_target) = @_;

    # Resolve relative targets against the URI of the current request.
    my $resolved = URI->new_abs($attr_target, $r->uri);

    # The current URI is accepted without a subrequest - presumably because
    # the request has already passed the checks for it; verify against callers.
    if ($r->uri eq $resolved) {
        return 1;
    }

    # Only a status of exactly 200 counts as permitted; any other status
    # (redirects included) is treated as "no permission".
    my $status = $r->lookup_uri($resolved)->status;
    return $status == 200;
}

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

    $self->debug(3,"--------- not(".join(',',@_).")");
    my ($requirement, $arg) = split /\s+/, $args, 2;
    $requirement = makeVariableName($requirement);
    no strict 'refs';
    my $rc = $self->$requirement($r,$arg);
    $self->debug(4,"-------- $requirement returned $rc");
    return FORBIDDEN if $rc == OK;
    return OK;
}

# methods for retrieving permissions (get_permissions is in AuthCookieURL)

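sub default_unpack_requirement {
    # Convert one requirement into the [ name => [ values ] ] form.
    #
    #   $self - handler class/object (not used here)
    #   $req  - requirement name, e.g. "user" or "group"
    #   $args - whitespace-separated argument string; may be undef or empty
    #
    # Returns an array ref: [ $req, [ list of argument words ] ].
    my ($self, $req, $args) = @_;

    # split ' ' skips leading whitespace, so an argument string that starts
    # with blanks no longer produces an empty first entry in the list that is
    # later used for authorization. An undefined string yields an empty list
    # without an "uninitialized" warning.
    my @values = defined $args ? split(' ', $args) : ();
    return [ $req => \@values ];
}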
# These requirement types have no unpacker of their own: each name is aliased
# to default_unpack_requirement, so their arguments are simply split on
# whitespace.
*unpack_requirement_subrequest = \&default_unpack_requirement;
*unpack_requirement_valid_user = \&default_unpack_requirement;
*unpack_requirement_user = \&default_unpack_requirement;
*unpack_requirement_group = \&default_unpack_requirement;
*unpack_requirement_level = \&default_unpack_requirement;

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

    my ($self, $r, @reqs) = @_;
    my @rc;
    my $req;
    foreach my $req (@reqs) {
        my $sub = "pack_requirement_".makeVariableName($$req[0]);
        push @rc, [ $$req[0], $self->$sub($req) ];
    }
    $self->set_permissions($r,@rc);
}

# overriding AuthCookieURL to implement OR style require handling
sub authorize ($$;$) {
    my ($self, $r, $reqs) = @_;
    my $auth_type = $self;
    $self->debug(3,"------- authorize(".join(',',@_).")");

    # This is a way to open up some documents/directories
    return OK if lc $r->auth_name eq 'none';
    return OK if $r->uri eq $r->dir_config(($r->auth_name || 'AxKitSession').'LoginScript');
    return OK if ($r->main?$r->main->uri:$r->uri) =~ m/^$redirect_location(\/|$)/;

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

Want to check the IP address for sessions?

    PerlSetVar AxKitSessionIPCheck 1

Beware that IP checking is dangerous: Some people have different IP addresses
for each request, AOL customers for example. There are several values for you
to choose: 0 = no check; 1 = use numeric IP address or X-Forwarded-For, if present;
2 = use numeric IP address with last part stripped (/24 subnet); 3 = use
numeric IP address. Note that X-Forwarded-For is a request header: with value 1
the check is only meaningful if a trusted front-end proxy sets or overwrites it.

=head2 Cookie options

Look at L<Apache::Cookie>. You'll quickly get the idea:

    PerlSetVar AxKitSessionPath /
    PerlSetVar AxKitSessionExpires +1d
    PerlSetVar AxKitSessionDomain some.domain
    PerlSetVar AxKitSessionSecure 1

Path can only be set to "/" if using URL sessions. Do not set "AxKitSessionExpires",
since the default value is best: it keeps the cookies until the user closes his
browser.

Disable cookies: (force URL-encoded sessions)

    PerlSetVar AxKitSessionNoCookie 1

=head2 Internal options

DANGER! Do not fiddle with these unless you know what you are doing.

Want a different redirector location? (default is '/redirect')

    <Perl>$Apache::AxKit::Plugin::Session::redirect_location = "/redir";</Perl>

Debugging:

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

    PerlSetVar SessionPrefix Session-


=head1 DESCRIPTION

WARNING: This version is for AxKit 1.7 and above!

This module is an authentication and authorization handler for Apache, designed specifically
to work with Apache::AxKit. It should be generic enough to work without it as well, although
much of its convenience comes from a separate XSP taglib which is distributed alongside this module.
It combines authentication and authorization in Apache::AuthCookieURL style with session management
via one of the Apache::Session modules. It should even work with Apache::Session::Counted. See those
manpages for more information, but be sure to note the differences in configuration!

In addition to Apache::AuthCookieURL, you get:

=over 4

=item * session data in $r->pnotes('SESSION')

=item * global application data in $r->pnotes('GLOBAL')

=item * sessions without the need to login (guest account)

=item * automatic expiration of sessions after 30 minutes (with

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

=head1 CONFIGURATION SETTINGS

See the synopsis for an overview and quick explanation.

All settings are set with PerlSetVar and may occur in any location PerlSetVar is allowed in,
except SessionPrefix, which must be a global setting.

=over 4

=item * SessionPrefix, AxKitSessionCache, AxKitSessionLoginScript, AxKitSessionLogoutURI,
AxKitSessionNoCookie, AxKitSession(Path|Expires|Domain|Secure)

These settings are similar to Apache::AuthCookieURL. Some of them are very advanced
and probably not needed at all. Some may be broken by now. Please only use the documented
variables shown in the synopsis.

=item * AxKitSessionExpire

Sets the session expire timeout in minutes. The value must be a multiple of 5.

Example: PerlSetVar AxKitSessionExpire 30

Note that the session expire timeout (AxKitSessionExpire) is different from the cookie expire

lib/Apache/AxKit/Plugin/Session.pm  view on Meta::CPAN

source for more information.

=head1 WARNING

URL munging has security issues.  Session keys can get written to access logs, cached by
browsers, leak outside your site, and can be broken if your pages use absolute links to other
pages on-site (but there is HTTP Referer: header tracking for this case). Keep this in mind.

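The redirect handler tries to catch the case of external redirects by changing them into
self-refreshing pages, thus removing a possibly sensitive HTTP Referer header. This
won't work from mod_perl, so use Apache::AuthCookieURL's fixup_redirect instead. If you are
adding hyperlinks to your page, change http://www.foo.com to /redirect?url=http://www.foo.com.
Keep in mind that a redirector taking its target from a url parameter can be used by others
to build links that start on your site and lead elsewhere, unless the targets are restricted.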

=head1 REQUIRED

Apache::Session, AxKit 1.7, mod_perl 1.2x

=head1 AUTHOR

Jörg Walter E<lt>jwalt@cpan.orgE<gt>.

=head1 VERSION

1.00

=head1 SEE ALSO

L<Apache::AuthCookie>, L<Apache::AuthCookieURL>, L<Apache::Session>,
L<Apache::Session::File>, L<Apache::Session::Counted>, L<AxKit::XSP::Session>,
L<AxKit::XSP::Auth>, L<AxKit::XSP::Globals>, L<Tie::SymlinkTree>

=cut




