Posted to modperl@perl.apache.org by Nick Tonkin <ni...@tonkinresolutions.com> on 2003/02/19 22:53:54 UTC

[mp2] Cookie behavior discrepancy in Auth* handlers ?

Hi all,

Cookies driving me nuts as usual but I think the problem appears to be
related to which handler phase we are in.

Basically, the same call to read the cookies works in the PerlHandler but
not in the PerlAccessHandler.

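In Access.pm I have:

use CGI;
use CGI::Cookie;
use Data::Dumper;    # provides Dumper(), used below

sub handler {
    my $r = shift;
    warn $r->as_string;                  # log the raw request, headers included
    my $cookies = fetch CGI::Cookie;     # fetch() is called without the request object
    warn "Access Dumping Cookies:\n" . Dumper($cookies);
    return Apache::DECLINED if $r->uri =~ m|/authenticate|;
    # ... (rest of the handler is not shown in the original post)
}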

Access.pm is called thus:

    <Location />
        AddType text/html .html
        AddHandler server-parsed .html
        Options +Includes

        PerlSetVar          WM_Auth_Domain     wm.tonkinresolutions.com
        PerlAccessHandler   WM::Auth::Access
    </Location>

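In Auth.pm I have:

use CGI;
use CGI::Cookie;
use Data::Dumper;    # provides Dumper(), used below

sub handler {
    my $r = shift;
    warn $r->as_string;                  # log the raw request, headers included
    my $cookies = fetch CGI::Cookie;     # same call as in Access.pm
    warn "Auth Dumping Cookies:\n" . Dumper($cookies);
    # ... (rest of the handler is not shown in the original post)
}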

Auth.pm is called thus:

    ErrorDocument 403 /authenticate

    <Location /authenticate>
        sethandler perl-script
        PerlHandler WM::Auth::Auth
    </Location>

I request /authenticate when I already have an 'auth' cookie on the
browser, and I get this:

Access Dumping Headers:
GET /authenticate?foo HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Host: wm.tonkinresolutions.com
Connection: Keep-Alive
Cookie: foo=bar;
remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%2Findex.html;
auth=hash&6032ccbfd909f951dcfbd804441163bc&group_name&root&session&580a5fc6a0215f2eaecde2e6d5554b07&user&nick&_time&1045689878&expires&60

INCLUDED (null)

Access Dumping Cookies:
$VAR1 = undef;

Auth Dumping Headers:
GET /authenticate?foo HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Host: wm.tonkinresolutions.com
Connection: Keep-Alive
Cookie: foo=bar;
remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%2Findex.html;
auth=hash&6032ccbfd909f951dcfbd804441163bc&group_name&root&session&580a5fc6a0215f2eaecde2e6d5554b07&user&nick&_time&1045689878&expires&60

HTTP/1.1 (null)

Auth Dumping Cookies:
$VAR1 = {
          'auth' => bless( {
                             'value' => [
                                          'hash',
                                          '6032ccbfd909f951dcfbd804441163bc',
                                          'group_name',
                                          'root',
                                          'session',
                                          '580a5fc6a0215f2eaecde2e6d5554b07',
                                          'user',
                                          'nick',
                                          '_time',
                                          '1045689878',
                                          'expires',
                                          '60'
                                        ],
                             'name' => 'auth',
                             'path' => '/'
                           }, 'CGI::Cookie' ),
          'foo' => bless( {
                            'value' => [
                                         'bar'
                                       ],
                            'name' => 'foo',
                            'path' => '/'
                          }, 'CGI::Cookie' ),
          'remembered_uri' => bless( {
                                       'value' => [
                                                    'https://wm.tonkinresolutions.com/index.html'
                                                  ],
                                       'name' => 'remembered_uri',
                                       'path' => '/'
                                     }, 'CGI::Cookie' )
        };



Can anyone offer a clue?

Thanks,

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>


Re: [mp2] Cookie behavior discrepancy in Auth* handlers ?

Posted by Nick Tonkin <ni...@tonkinresolutions.com>.
On Wed, 19 Feb 2003, Nick Tonkin wrote:

>
> Hi all,
>
> Cookies driving me nuts as usual but I think the problem appears to be
> related to which handler phase we are in.
>
> Basically, the same call to read the cookies works in the PerlHandler but
> not in the PerlAccessHandler.

Responding to my own post here, to keep the archive complete. (That's the
only reason, since there doesn't seem to be anyone else using cookies for
auth stuff in mp2 ...)

Testing has shown that the first diagnosis was correct. Stas tracked it
down to %ENV not getting populated prior to the Response phase. He is
working on a fix.

Meanwhile I'm getting around the problem by subclassing CGI::Cookie (which
we are using since Apache::Request is not ported to mp2 yet) thusly:

package WM::Auth::Cookie;

use strict;
use warnings;
use CGI::Cookie;

@WM::Auth::Cookie::ISA = qw/CGI::Cookie/;

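# Same job as CGI::Cookie->fetch, but takes the request object and reads
# the Cookie header from it instead of from %ENV.
sub fetch {
    my $class = shift;
    my $r = shift;
    my $raw_cookie = $r->headers_in->{'Cookie'};
    return () unless $raw_cookie;
    return $class->parse($raw_cookie);
}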

1;

the only difference in API being that one must replace

my $cookie = CGI::Cookie->fetch();

with

my $cookie = WM::Auth::Cookie->fetch($r);

Looking forward to the proper fix though.


- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>
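
A stand-alone reproduction of the behaviour discussed in this thread, added as an example and not part of either post: the %ENV-based fetch sees no cookies while HTTP_COOKIE is unset, and the header-based fetch from the workaround still does. Assumptions: `MockRequest` is a hypothetical stand-in for the mod_perl request object, the cookie string is constructed, and the pre-Response-phase condition is simulated outside mod_perl by undefining the cookie variables in %ENV.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Cookie;

# The workaround class from the post, repeated so this script runs stand-alone.
{
    package WM::Auth::Cookie;
    our @ISA = ('CGI::Cookie');
    sub fetch {
        my ($class, $r) = @_;
        my $raw_cookie = $r->headers_in->{'Cookie'};
        return () unless $raw_cookie;
        return $class->parse($raw_cookie);
    }
}

# Hypothetical stand-in for the request object: it only provides headers_in().
{
    package MockRequest;
    sub new        { my ($class, %h) = @_; return bless { in => {%h} }, $class }
    sub headers_in { return $_[0]{in} }
}

# Summarise a fetch() result: cookie names, plus the auth cookie's user field.
sub describe {
    my ($cookies) = @_;
    return 'no cookies' unless $cookies && %$cookies;
    my $out = join ',', sort keys %$cookies;
    if (my $auth = $cookies->{auth}) {
        my %field = $auth->value;    # multi-valued cookie read as key/value pairs
        $out .= " (auth user=$field{user})";
    }
    return $out;
}

# Constructed sample header, shaped like the one in the post.
my $raw = 'foo=bar; auth=user&nick&_time&1045689878&expires&60';
my $r   = MockRequest->new(Cookie => $raw);

{   # Before the Response phase: the cookie is in the headers but not in %ENV.
    local @ENV{qw(HTTP_COOKIE COOKIE)};
    print 'access phase, %ENV fetch:   ', describe(scalar(CGI::Cookie->fetch)), "\n";
    print 'access phase, header fetch: ', describe(scalar(WM::Auth::Cookie->fetch($r))), "\n";
}
{   # Response phase: %ENV now carries the header, so the stock fetch works.
    local $ENV{HTTP_COOKIE} = $raw;
    print 'response phase, %ENV fetch: ', describe(scalar(CGI::Cookie->fetch)), "\n";
}
```

An access handler that treats an empty fetch result as "not authenticated" will reject every request under the condition described above, which is why the handler phase matters for cookie-based auth.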