Apache-AuthCookie
Version: 3.07
*** mod_perl2 users: THIS RELEASE IS INCOMPATIBLE WITH PAST RELEASES ***
*** If you are running mod_perl2, you must update to at least ***
*** mod_perl 2.0.0 RC5. The mod_perl2 version of AuthCookie has been ***
*** renamed to Apache2::AuthCookie ***
** MP2: RENAME AuthCookie.pm.mp2 to Apache2::AuthCookie.
- MP2: Update module, and tests for mod_perl 2.0.0 RC5. mod_perl2 users
MUST use Apache2::AuthCookie now.
- Require Apache::Test 1.22
- Add support for ${auth_name}SessionTimeout configuration parameter
which will re-issue the ticket with the expires parameter set to the
value of this configuration setting for each request. This is useful for
idle-timeout.
- POD fixes.
- MP2: fix uninitialized warnings if no POST/GET data (RT 11371)
- make sure recognize_user() returns an Apache constant in all cases.
Returns DECLINED in cases where we were returning undef before.
(Thanks Vivek)
- Add support for MS HttpOnly cookie property.
lib/Apache/AuthCookie.pm view on Meta::CPAN
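# Excerpt from the body of a handler: look up this realm's session cookie
# in the request's Cookie header and, if authen_ses_key() accepts it,
# record the user on the connection.
my $cookie_name = $self->cookie_name($r);

# \Q...\E stops characters in the configured cookie name from acting as
# regex syntax. The leading alternation pins the match to the start of a
# cookie pair, so a differently named cookie that merely ends in
# $cookie_name is not taken for the session key. ',' is accepted next to
# ';' because older cookie specifications allowed it as a separator.
my ($cookie) =
    $r->header_in('Cookie') =~ /(?:^|[;,])\s*\Q$cookie_name\E=([^;]+)/;

# NOTE(review): at debug >= 2 this writes the session key itself to the
# error log; anyone who can read that log can read the key.
$r->log_error("cookie $cookie_name is $cookie") if $debug >= 2;

# No (or empty) session cookie: nothing to recognize.
return DECLINED unless $cookie;

# The auth class validates the key. It returns the user name, plus extra
# values when it wants custom error handling.
my ($user, @args) = $auth_type->authen_ses_key($r, $cookie);

if (!is_blank($user) and scalar @args == 0) {
    $r->log_error("user is $user") if $debug >= 2;

    # if SessionTimeout is on, send new cookie with new Expires.
    # The same session key is sent back; only the cookie's expires
    # attribute changes, and that attribute is applied by the client.
    # NOTE(review): presumably authen_ses_key() has to enforce any
    # server-side lifetime of the key itself -- confirm in the subclass.
    if (my $expires = $r->dir_config("${auth_name}SessionTimeout")) {
        $self->send_cookie($cookie, { expires => $expires });
    }

    $r->connection->user( $self->_encode($r, $user) );
}
elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
    # Extra return values and a custom_errors() implementation: let the
    # auth class decide the response.
    return $auth_type->custom_errors($r, $user, @args);
}

# NOTE(review): this line is also reached with a non-blank $user and extra
# @args when custom_errors() is not implemented; OK is then returned
# without connection->user having been set.
return is_blank($user) ? DECLINED : OK;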
lib/Apache2/AuthCookie.pm view on Meta::CPAN
# scope of your cookie. Default is the current domain.
PerlSetVar WhatEverDomain .yourdomain.com
# Use this to send the cookie only over a secure connection
PerlSetVar WhatEverSecure 1
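# Use this if you want user session cookies to expire if the user
# doesn't request an auth-required or recognize_user page for some
# time period. If set, a new cookie (with updated expire time)
# is set on every request. Only the cookie's expire time is refreshed;
# the browser applies it, so the session key still has to be checked
# (and expired) on the server side, e.g. in authen_ses_key().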
PerlSetVar WhatEverSessionTimeout +30m
# to enable the HttpOnly cookie property, use HttpOnly.
# This is an MS extension. See:
# http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
PerlSetVar WhatEverHttpOnly 1
# to enable the SameSite cookie property, set SameSite to "lax" or "strict".
# See: https://www.owasp.org/index.php/SameSite
PerlSetVar WhatEverSameSite strict
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
# Excerpt: outcome handling after the session key has been checked.
# $auth_user, @args, $ses_key_cookie, $auth_type, $auth_name and $debug are
# set before this excerpt (presumably $auth_user/@args come from
# authen_ses_key() -- confirm against the full file).
if (!is_blank($auth_user) and scalar @args == 0) {
# We have a valid session key, so we return with an OK value.
# Tell the rest of Apache what the authentication method and
# user is.
$r->ap_auth_type($auth_type);
$r->user( $auth_type->_encode($r, $auth_user) );
# At debug >= 1 the authenticated user name is written to the server
# error log.
$r->server->log_error("user authenticated as $auth_user")
if $debug >= 1;
# send new cookie if SessionTimeout is on
# The same $ses_key_cookie value is sent back; only the cookie's expires
# attribute is new, and that attribute is applied by the client.
# NOTE(review): confirm that the session key is also expired on the
# server side, since nothing in this branch changes or re-validates it.
if (my $expires = $r->dir_config("${auth_name}SessionTimeout")) {
$auth_type->send_cookie($r, $ses_key_cookie,
{expires => $expires});
}
return OK;
}
# Extra return values plus a custom_errors() implementation: the auth class
# decides the response.
elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
return $auth_type->custom_errors($r, $auth_user, @args);
}
else {
t/conf/extra.conf.in view on Meta::CPAN
</IfDefine>
<IfDefine APACHE2_4>
# apache 2.4
<RequireAll>
Require myuser dopey programmer
</RequireAll>
</IfDefine>
</Location>
<Location /docs/stimeout>
PerlSetVar WhatEverSessionTimeout +10m
AuthName WhatEver
<IfDefine APACHE1>
AuthType Sample::Apache::AuthCookieHandler
PerlAuthenHandler Sample::Apache::AuthCookieHandler->authenticate
PerlAuthzHandler Sample::Apache::AuthCookieHandler->authorize
</IfDefine>
<IfDefine APACHE2>
<IfDefine !APACHE2_4>
AuthType Sample::Apache2::AuthCookieHandler
is($r->header('Location'), '/docs/protected/get_me.html',
'SameSite location header');
is($r->header('Set-Cookie'),
'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/; SameSite=strict',
'cookie contains SameSite attribute');
is($r->code, 302, 'check redirect response code');
};
# test SessionTimeout
subtest 'session timeout' => sub {
plan tests => 1;
my $r = GET(
'/docs/stimeout/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
);
like($r->header('Set-Cookie'),
qr/^Sample::AuthCookieHandler_WhatEver=.*expires=.+/,