Apache-AuthCookieURL

AuthCookieURL.pm

authen_cred() should just return a session key without checking the credentials.

If you do not override AuthCookieURL::authen_cred(), the default implementation
simply returns the following as the session key:

    return time . $$ . int rand $$;

Example: PerlSetVar WhateverLoginScript /login.pl
         PerlSetVar WhateverLoginScript NONE

=item * WhateverNoCookie

Turns off cookies.

Example: PerlSetVar WhateverNoCookie 1

=item * Whatever(Path|Expires|Domain|Secure)

These all control the values sent in cookies.  Path, if used, must be '/' if
using URL-based sessions.

Example: PerlSetVar WhateverPath /


=back
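
An added example, not code from Apache::AuthCookieURL or its author: the default authen_cred() key shown above concatenates the clock, the process ID and a value from Perl's non-cryptographic rand(), so an override would normally draw the key from the OS random source instead. The package name My::SessionAuth, the helper random_session_key(), the ($self, $r, @cred) calling convention and the presence of /dev/urandom are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical subclass name; only authen_cred() is named on the page.
package My::SessionAuth;

# In a mod_perl handler, load the parent first: use Apache::AuthCookieURL;
# Setting @ISA alone lets this file also run outside Apache for a quick check.
our @ISA = ('Apache::AuthCookieURL');

# Return $nbytes bytes from the kernel CSPRNG as lowercase hex
# (hex is safe in both a URL path segment and a cookie value).
# Assumes a Unix-like host that provides /dev/urandom.
sub random_session_key {
    my $nbytes = shift || 16;    # 16 bytes = 128 bits
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $nbytes);
    close $fh;
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $nbytes;
    return unpack 'H*', $buf;
}

# Override of the default, which returns: time . $$ . int rand $$
# Assumed calling convention (as in Apache::AuthCookie): ($self, $r, @cred).
sub authen_cred {
    my ($self, $r, @cred) = @_;
    return random_session_key();
}

package main;

# Constructed demonstration, run only when the file is executed directly.
unless (caller) {
    my $default_style = time . $$ . int rand $$;
    my $random        = My::SessionAuth::random_session_key();
    print "default-style key: $default_style\n";
    print "CSPRNG key:        $random (", 4 * length($random), " bits)\n";
    # authen_cred() ignores its arguments here, so undef stands in for $r.
    print "authen_cred():     ", My::SessionAuth->authen_cred(undef), "\n";
}
```
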

=head1 ENVIRONMENT AND NOTES

Apache::AuthCookieURL sets some environment variables and Apache notes:

authen_ses_key() returns a value that is placed in $ENV{REMOTE_USER}.  authen_ses_key()
normally converts the session key into a username.

$ENV{SESSION} contains the current session key.

$ENV{AuthCookieURLReason} contains the reason authentication failed.  Either
'no_session_provided' or 'bad_session_provided'.

$r-E<gt>notes( 'URI_Session' ) is the session extracted from the URI.

$r-E<gt>notes( 'Session_prefix' ) is the prefix used with the session keys.

$r-E<gt>notes( 'SESSION' ) is the full session, including the prefix.



=head1 WARNING

URL munging has security issues.  Session keys can be written to access logs, cached by
browsers, and leaked outside your site.  URL-based sessions also break if your pages use
absolute links to other pages on-site.

=head1 TO DO

Apache::AuthCookieURL uses error documents to try to fix up any redirects.  The obvious
example is when a request is made for a directory without a trailing slash and Apache
issues a redirect.  (Actually, AuthCookieURL tries to detect this case and rewrite the URL
before Apache redirects.)  I wish I knew a better way to fix up Location: headers in
redirects without sub-requesting every request.  There's no way to catch a CGI script
or module that might issue a Location: header or REDIRECT.
I guess that's left for Apache 2.0 when all output can be filtered.

=head1 REQUIRED

mod_perl 1.24, Apache::Cookie


=head1 AUTHOR

Bill Moseley E<lt>moseley@hank.orgE<gt> made minor changes to Ken Williams' E<lt>ken@forum.swarthmore.eduE<gt>
Apache::AuthCookie.

Thanks very much to Ken for Apache::AuthCookie.

=head1 VERSION

    $Revision: 1.3 $

=head1 SEE ALSO

L<Apache::AuthCookie>

=cut


