view release on metacpan or  search on metacpan

lib/Apache/AuthCookie.pm  view on Meta::CPAN

    my $r = shift || Apache->request;

    my $auth_name = $r->auth_name;

    return $r->dir_config("${auth_name}Path");
}

sub _encode {
    my ($self, $r, $value) = @_;

    my $encoding = $self->encoding($r);

    if (is_blank($encoding)) {
        return $value;
    }
    else {
        return Encode::encode($encoding, $value);
    }
}

1;

=pod

=encoding UTF-8

=head1 NAME

Apache::AuthCookie - Perl Authentication and Authorization via cookies

=head1 VERSION

version 3.32

=head1 SYNOPSIS

Make sure your mod_perl is at least 1.24, with StackedHandlers,
MethodHandlers, Authen, and Authz compiled in.

 # In httpd.conf or .htaccess:
 PerlModule Sample::Apache::AuthCookieHandler
 PerlSetVar WhatEverPath /
 PerlSetVar WhatEverLoginScript /login.pl

 # use to alter how "require" directives are matched. Can be "Any" or "All".
 # If its "Any", then you must only match Any of the "require" directives. If
 # its "All", then you must match All of the require directives. 
 #
 # Default: All
 PerlSetVar WhatEverSatisfy Any
 
 # The following line is optional - it allows you to set the domain
 # scope of your cookie.  Default is the current domain.
 PerlSetVar WhatEverDomain .yourdomain.com

 # Use this to only send over a secure connection
 PerlSetVar WhatEverSecure 1

 # Use this if you want user session cookies to expire if the user
 # doesn't request a auth-required or recognize_user page for some
 # time period.  If set, a new cookie (with updated expire time)
 # is set on every request.
 PerlSetVar WhatEverSessionTimeout +30m

 # to enable the HttpOnly cookie property, use HttpOnly.
 # this is an MS extension.  See
 # http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
 PerlSetVar WhatEverHttpOnly 1

 # Usually documents are uncached - turn off here
 PerlSetVar WhatEverCache 1

 # Use this to make your cookies persistent (+2 hours here)
 PerlSetVar WhatEverExpires +2h

 # Use to make AuthCookie send a P3P header with the cookie
 # see http://www.w3.org/P3P/ for details about what the value 
 # of this should be
 PerlSetVar WhatEverP3P "CP=\"...\""

 # optional: enforce that the destination argument from the login form is
 # local to the server
 PerlSetVar WhatEverEnforceLocalDestination 1

 # optional: specify a default destination for when the destination argument
 # of the login form is invalid or unspecified
 PerlSetVar WhatEverDefaultDestination /protected/user/

 # These documents require user to be logged in.
 <Location /protected>
  AuthType Sample::Apache::AuthCookieHandler
  AuthName WhatEver
  PerlAuthenHandler Sample::Apache::AuthCookieHandler->authenticate
  PerlAuthzHandler Sample::Apache::AuthCookieHandler->authorize
  require valid-user
 </Location>

 # These documents don't require logging in, but allow it.
 <FilesMatch "\.ok$">
  AuthType Sample::Apache::AuthCookieHandler
  AuthName WhatEver
  PerlFixupHandler Sample::Apache::AuthCookieHandler->recognize_user
 </FilesMatch>

 # This is the action of the login.pl script above.
 <Files LOGIN>
  AuthType Sample::Apache::AuthCookieHandler
  AuthName WhatEver
  SetHandler perl-script
  PerlHandler Sample::Apache::AuthCookieHandler->login
 </Files>

=head1 DESCRIPTION

B<Apache::AuthCookie> allows you to intercept a user's first
unauthenticated access to a protected document. The user will be
presented with a custom form where they can enter authentication
credentials. The credentials are posted to the server where AuthCookie
verifies them and returns a session key.

The session key is returned to the user's browser as a cookie. As a