[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modperl
Subject:    Re: UN-Authenticating users?
From:       Ken Williams <ken () forum ! swarthmore ! edu>
Date:       2000-02-15 4:02:02
[Download RAW message or body]

john@jsw4.net (John Walker) wrote:
>I'm writing some stuff with CGI under mod perl. The users have to
>authenticate prior to even getting to the script... However, some of my
>users have more than one login with separate privlidges... (provided by
>the script). I want them to be able to log out and then log back in as
>someone else, but I can't quite figure out how to "UN-Authenticate".
>(DE-Authenticate?)

You can't do it with standard auth, you need cookie-based auth or another
alternative.  Check out Apache::AuthCookie.

The login credentials are stored in the browser, and browsers don't provide any
logout mechanism.  It's been one of the most glaring oversights since version 1
of Netscape, in my opinion.

>I'm using CGI.pm under Apache::Registry, so I don't have a nice $r
>object to see if I could do something like $c->user = ""; which I'm
>guessing would barf anyway.

You can call Apache->request() to get the $r object.  But you're right, that
would barf.

  -------------------                            -------------------
  Ken Williams                             Last Bastion of Euclidity
  ken@forum.swarthmore.edu                            The Math Forum

[prev in list] [next in list] [prev in thread] [next in thread]