view release on metacpan or  search on metacpan

AuthCookieURL.pm  view on Meta::CPAN

767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
That said, there are a few people using it and I've been using it for a
few months without problem.  The interface may change (or disappear) without notice.
Please report any problems or comments back to Bill Moseley E<lt>moseley@hank.orgE<gt>.
 
This module is a modification of Ken Williams E<lt>ken@forum.swarthmore.eduE<gt> Apache::AuthCookie.
Please see perldoc Apache::AuthCookie for complete instructions.  As this is intended to be
a drop-in replacement for Apache::AuthCookie you may wish to install and test with Ken's
Apache::AuthCookie before trying AuthCookieURL.
 
Basically, this module allows you to catch any unauthenticated access and redirect to a
login script that you define.  The login script posts credentials (e.g. username and password)
and your module can then validate and provide a session key.  The session key is sent in a cookie,
and also in a munged URL and a redirect is issued and the process starts all over.
 
Typically, you will write your own module that will override methods in Apache::AuthCookieURL.
These methods are described completely in Ken's Apache::AuthCookie.  Your methods will be used
to generate and validate session keys.  You can use Apache::AuthCookieURL without overriding
its methods and then AuthCookieURL can be used as a simple session manager.
 
With this module you should be able to enable session management for an entire site
using E<lt>Location /E<gt>, and then allow access to, say, the images directory, and also require
password access to other locations.  One issue at this point is that the session key is
stripped from URLs in a Trans handler.  So you would need to use cookies to use different
session keys for different parts of your web tree.
 
Apache::AuthCookieURL adds the following features to Apache::AuthCookie.
 
=over 4
 
=item * URL munging
 
If the PerlTransHandler is enabled in httpd.conf the session key will also be placed in the URL.

AuthCookieURL.pm  view on Meta::CPAN

823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
Unless you are not subclassing this module (and using the default methods provide),
your own module must define two methods: authen_cred() and authen_ses_key(), and then
subclass by including Apache::AuthCookieURL in your module's @ISA array.
Again, please see Apache::AuthCookie for
complete documentation.
 
=over 4
 
=item * authen_cred()
 
This method verifies the credentials (e.g. username/password) and returns a session key.  If the credentials are
not acceptable then you can return a list, with the second element being an error message
that is placed in a cookie.  This allows your login script to display a failure reason.  This
method is needed since a redirect is done before your login script is executed again.  Of course,
this requires that the client has cookies enabled.
 
Another method is to return a session key that is really an error code and generate
messages based on that returned session (error) code.
 
=item * authen_ses_key()