You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Øyvind Gjerstad <og...@tollpost.no> on 2002/01/04 14:43:32 UTC

Problems with cookies in Apache::AuthCookie

I'm trying to get Apache::AuthCookie and Apache::AuthCookieDBI to work. 
However it seems like I can't set any cookies. I have cookies enabled in 
my browser (with warnings), but I can't read the cookie after the 
redirect from the login-script. I'm pretty sure the cookie is never sent 
to the browser. How can I check if the redirect is happening?

Here is the log with AuthCookieDebug set to 3:

[Fri Jan  4 14:23:46 2002] [error] credential_0 ogj
[Fri Jan  4 14:23:46 2002] [error] credential_1 xxxxxxx
[Fri Jan  4 14:23:46 2002] [error] ses_key 
ogj:2002-01-04-14-23-46:2002-01-05-14
-23-46:54f7553ccb96d3af70abe449f053ee3d
[Fri Jan  4 14:23:46 2002] [error] auth_type Apache::AuthCookieDBI
[Fri Jan  4 14:23:46 2002] [error] auth_name PrisInformasjon
[Fri Jan  4 14:23:46 2002] [error] ses_key_cookie
[Fri Jan  4 14:23:46 2002] [error] uri /tgweb/protected/index.html


I get a ses_key, but no value in ses_key_cookie. I tried to dump all 
headers to the log, but there were no signs of any cookie-related things.

I must admit that I don't quite understand how the setting of 
WhatEverPath (in my case "PrisInformasjonPath") relates to the rest of 
my configuration.

Btw: is setting a cookie and then doing a redirect safe with all 
browsers (at least those with cookies turned on)?

Using AuthCookie 3.00 and AuthCookieDBI 1.18, mod_perl 1.25, perl 
5.005_03 under Apache 1.3.19, HP-UX  10.20. Currently testing with 
Mozilla 1.9.6, Linux.

Thanks,
-- 
Øyvind



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. (mailto:postmaster@tollpost.no)

This footnote also confirms that this email message has been swept by
viruscheckers for the presence of computer viruses.
**********************************************************************

Re: Problems with cookies in Apache::AuthCookie

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

Øyvind Gjerstad wrote:
> 
> Geoffrey Young wrote:
> 
> >>[Fri Jan  4 14:23:46 2002] [error] credential_0 ogj
> >>[Fri Jan  4 14:23:46 2002] [error] credential_1 xxxxxxx
> >>[Fri Jan  4 14:23:46 2002] [error] ses_key
> >>ogj:2002-01-04-14-23-46:2002-01-05-14
> >>-23-46:54f7553ccb96d3af70abe449f053ee3d
> >>[Fri Jan  4 14:23:46 2002] [error] auth_type Apache::AuthCookieDBI
> >>
> >
> > the AuthType setting should be the name of the class that inherits
> > from Apache::AuthCookie (or Apache::AuthCookieDBI I suppose, I've
> > never used it)
> >
> > for instance
> >
> >     PerlSetVar PrisInformasjonPath /
> >     PerlSetVar PrisInformasjonLoginScript /login.html
> >     PerlSetVar AuthCookieDebug 3
> >
> >     <Location /tgweb/protected>
> >       AuthType PrisInformasjon::Authenticate
> >       AuthName PrisInformasjon
> >       PerlAuthenHandler PrisInformasjon::Authenticate->authenticate
> >       Require vaild-user
> 
> Hmm. I thought I didn't need to subclass AuthCookieDBI. I thought that I
> should be able to just configure that to authenticate to a database
> (that part works, as far as I can tell), and write a login-script (which
> I have done).

ah, you are right.  I don't use Apache::AuthCookieDBI, and apparently
it works slightly differently from Apache::AuthCookie.

anyway, CC'd to the list so perhaps someone more familiar can see your
httpd.conf

--Geoff

> 
> Here are the relevant parts (I think) from httpd.conf:
> 
> PerlSetVar PrisInformasjonPath /
> PerlSetVar PrisInformasjonLoginScript /wwwappl/login.epl
> PerlSetVar PrisInformasjonDomain .tollpost.no
> PerlSetVar PrisInformasjonDBI_DSN "DBI:Informix:testogj1"
> PerlSetVar PrisInformasjonDBI_SecretKeyFile /etc/opt/apache/secret.key
> PerlSetVar PrisInformasjonDBI_UserField "username"
> PerlSetVar AuthCookieDebug 3
> 
> PerlModule Apache::AuthCookieDBI
> 
> <Directory "/opt/www/tgweb/protected/">
>      AuthType Apache::AuthCookieDBI
>      AuthName PrisInformasjon
>      PerlAuthenHandler Apache::AuthCookieDBI->authenticate
>      PerlAuthzHandler Apache::AuthCookieDBI->authorize
>      require valid-user
> </Directory>
> 
> <Files LOGIN>
>      AuthType Apache::AuthCookieDBI
>      AuthName PrisInformasjon
>      SetHandler perl-script
>      PerlHandler Apache::AuthCookieDBI->login
> </Files>
> 
> >>[Fri Jan  4 14:23:46 2002] [error] auth_name PrisInformasjon
> >>[Fri Jan  4 14:23:46 2002] [error] ses_key_cookie
> >>[Fri Jan  4 14:23:46 2002] [error] uri /tgweb/protected/index.html
> 
> --
> Øyvind
> 
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager. (mailto:postmaster@tollpost.no)
> 
> This footnote also confirms that this email message has been swept by
> viruscheckers for the presence of computer viruses.
> **********************************************************************

Re: Problems with cookies in Apache::AuthCookie

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

> 
> [Fri Jan  4 14:23:46 2002] [error] credential_0 ogj
> [Fri Jan  4 14:23:46 2002] [error] credential_1 xxxxxxx
> [Fri Jan  4 14:23:46 2002] [error] ses_key
> ogj:2002-01-04-14-23-46:2002-01-05-14
> -23-46:54f7553ccb96d3af70abe449f053ee3d
> [Fri Jan  4 14:23:46 2002] [error] auth_type Apache::AuthCookieDBI

the AuthType setting should be the name of the class that inherits
from Apache::AuthCookie (or Apache::AuthCookieDBI I suppose, I've
never used it)

for instance

    PerlSetVar PrisInformasjonPath /
    PerlSetVar PrisInformasjonLoginScript /login.html
    PerlSetVar AuthCookieDebug 3

    <Location /tgweb/protected>
      AuthType PrisInformasjon::Authenticate
      AuthName PrisInformasjon
      PerlAuthenHandler PrisInformasjon::Authenticate->authenticate
      Require vaild-user

> [Fri Jan  4 14:23:46 2002] [error] auth_name PrisInformasjon
> [Fri Jan  4 14:23:46 2002] [error] ses_key_cookie
> [Fri Jan  4 14:23:46 2002] [error] uri /tgweb/protected/index.html

HTH

--Geoff