[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modperl
Subject:    Re: Logging to apache from perl
From:       Erdmut Pfeifer <e.pfeifer () science-computing ! de>
Date:       2001-01-31 4:46:23
[Download RAW message or body]

On Wed, Jan 31, 2001 at 01:18:45AM +0000, harilaos wrote:
> Hello,
> thanks for the code below. I have put the following into access.conf
> <Location /cgi-bin>
> PerlAuthenHandler  Apache::SillyAuthen;
> </Location>
> I copied your code into my modules Apache directory.
> and in cgi-bin i have a script to print all environment variables but
> $remote_user=$ENV{'REMOTE_USER'}; is empty. am i doing anything wrong?
> Also it is for tracking users across my site. So far i am doing it with
> hidden fields, putting session_id in url.
> I thought having a variable following the user without putting all the
> above would
> be easier.

maybe I didn't completely understand what you are trying to achieve, but
before spending too much time on sorting out the technical details of
how to emulate a regular authentication process, I'd rather stick to
the established techniques of user-tracking like
  (a) munging session-ids into URLs
  (b) cookies
  (c) hidden fields (when using forms).
Actually, I don't think that the "REMOTE_USER technique" would work, if
you never let the browser know, that a certain location needs
authentication (and once you let it know, it'll pop up that dialog box).
Normally, the browser "remembers" that a location needs authentication
after having filled in the dialog box the first time. Upon subsequent
requests to the same location, the authentication info automatically
gets resend by the browser. It's not clear to me, how you intend
to emulate that mechanism purely server-side.
Let me know if I misunderstood something...

Erdmut


> 
> darren chamberlain wrote:
> > 
> > harilaos (harilaos@ntlworld.com) said something to this effect on 01/30/2001:
> > > I want to create a username and password when a user enters my site,
> > > then pass these values to apache to authenticate. Then i could
> > > have the REMOTE_USER variable available throught the users
> > > stay at my site.
> > 
> > You want to create them? Do you mean create a new session for
> > each user? You might want to look into Apache::Session for this;
> > it has a customizable session key generator.
> > 
> > Here is a simple example, generating a simple session id. Run this
> > as a PerlAuthenHandler:
> > 
> > package Apache::SillyAuthen;
> > 
> > use Apache::Constants qw(OK);
> > use MD5;
> > 
> > sub handler {
> >     my $r = shift;
> > 
> >     # Make a random "username". This can be a call to any
> >     # function, etc, that can generate a username
> >     my $session = MD5->hexhash($r->get_remote_host . time . {});
> > 
> >     # Set the username in the conn_rec
> >     $r->connection->user($session);
> > 
> >     # Set the REMOTE_USER env variable
> >     $r->subprocess_env('REMOTE_USER', $session);
> > 
> >     # Be sure to tell Apache that the authentication handler did
> >     # its thing!
> >     return OK;
> > }
> > 
> > Is that what you mean?
> > 
> > (darren)
> > 
> > --
> > It's not that things are getting worse, it's just that news reporting is
> > getting better.

-- 
Erdmut Pfeifer
science+computing gmbh

-- Bugs come in through open windows. Keep Windows shut! --

[prev in list] [next in list] [prev in thread] [next in thread]