Apache-AuthCookieURL

 view release on metacpan or  search on metacpan

AuthCookieURL.pm  view on Meta::CPAN

    
}



sub recognize_user ($$) {
    my ($self, $r) = @_;
    my $debug = $r->dir_config( DEBUG ) || 0;
    my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name);
    return unless $auth_type && $auth_name;
    # return unless $r->header_in('Cookie');

    
    my ($cookie) = ($r->header_in( 'Cookie' ) || '') =~ /${auth_type}_$auth_name=([^;]+)/;

    # Get session from URI if not set in a cookie
    # (won't likely be here if this isn't a protected doc)
    $cookie ||= $r->notes( 'URI_Session' ) || '';


    $r->log_error("session provided  = '$cookie'" ) if $debug >= 1;

    return OK unless $cookie;

    if (my ($user) = $auth_type->authen_ses_key($r, $cookie)) {
        $r->log_error("recognize user = '$user'") if $debug >= 2;
        $r->connection->user($user);
    }
    return OK;
}


# Transhandler to strip the session from the URL
#
# $r->notes('Session_prefix')      session prefix found in httpd.conf
#                                  also used to idicate to login() that trans handler in use
#
# $r-notes('URI_Session')          is the extracted session.
#                                  authenticate() uses it if no cookie
#
# $r->subprocess_env( 'SESSION' )  is set so cgi scripts can prefix to href links
#
# $r->notes( 'SESSION' )           is set for ErrorDocument fixups - prefix
#                                  Location: headers if exists (might as well use the $ENV{SESSION})


sub URLsession ( $$ ) {
    my ($self, $r) = @_;

    return DECLINED unless $r->is_initial_req;

    # I'd like to be able to do this so don't need all that httpd.conf config
    # $r->custom_response( MOVED , \&error_document );
    # $r->custom_response( REDIRECT , \&error_document );


    my $debug = $r->dir_config( DEBUG ) || 0;
    $r->log_error('TRANS:Requested URI = \'' . $r->the_request() . "'" ) if $debug >= 3;


    my ( undef, $session, $rest ) = split m[/+], $r->uri, 3;
    $rest ||= '';

    my $prefix = $r->dir_config('SessionPrefix') || 'Session-';

    # This way simply adding the PerlTransHandler is enough to enable URL munging
    $r->notes( Session_prefix => $prefix );


    return DECLINED unless $session && $session =~ /^$prefix(.+)$/;


    # Session found.  Extract and make it available in notes();

    $session = $1;

    $r->log_error("Found session '$session' in url") if $debug >= 1;

    $r->notes( URI_Session => $session );


    # Make the prefix and session available to CGI scripts for use in absolute
    # links or redirects
    
    $r->subprocess_env( SESSION => "/$prefix$session" );

    $r->notes( SESSION => "/$prefix$session" );  # for error document fixup

 
    # Remove the session from the URI
    $r->uri( "/$rest" );

    return DECLINED;
}




# Error document

# Add the session ID to location headers on redirects
# iff not using cookies and host matches

sub error_document ($$) {
    my ( $self, $r )  = @_;

    my $uri;

    # unlikely, but might as well make sure there's a location header available

    if ( $r->prev->header_out('Location') ) {

        $uri = Apache::URI->parse($r, $r->prev->header_out('Location') );

        
        my $same_host   = 1;
        my $hostname    = $uri->hostname || '';
        $same_host = 0 if $hostname && $hostname ne $r->get_server_name;


        my $session = $r->prev->notes( 'SESSION' ) || '';



( run in 1.197 second using v1.01-cache-2.11-cpan-817d5f8af8b )