You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Charles Day <ch...@SYMIX.COM> on 2000/11/15 22:19:13 UTC

AuthCookie solution

Works perfectly.  Excellent idea.  Thank you very much Bill!


# added args to login.pl so we can redirect URL's with arguments during
initial authentication.
my $args = $r->prev->args;

# add the ?
$args = "?".$args if $args;

# put this in the form next to $uri.
<INPUT TYPE=hidden NAME=args VALUE="$args">



# We added the line below to AuthCookie.pm

# original way.
#$r->header_out("Location" => $args{'destination'});

# this works, but is sloppy.
#$r->header_out("Location" => $ENV{HTTP_REFERER});

# best way.
$r->header_out("Location" => $args{'destination'}.$args{'args'});



-----Original Message-----
From: Bill Moseley [mailto:moseley@hank.org]
Sent: Friday, November 03, 2000 5:30 PM
To: Charles Day; 'modperl@apache.org'
Subject: Re: AuthCookie


At 03:30 PM 11/03/00 -0500, Charles Day wrote:
>The follow also holds true:
>
>http://www.mydomain.com/index.cgi?a=blablabla&b=blablabla
>
>gets redirected to:
>
>http://www.mydomain.com/index.cgi 

If I remember, that's just due to the example in the AuthCookie POD that
uses 
$r->prev->uri to set the destination parameter in the Login script.  uri()
doesn't include the query string, IIRC.

>I've replaced the following line in AuthCookie.pm 
>
>$r->header_out("Location" => "$args{'destination'}");
>
>with:
>
>$r->header_out("Location" => "$ENV{HTTP_REFERER}");

I wouldn't do that as it's client dependent (and in quotes ;).

>And we don't loose the data.  Is there a better mod_perlish way to do this
>and are there buffer overflow risks involved?  

Use a mod_perl handler or Apache::Registry script for the login script, and
include $r->prev->args.  There's probably better ways to get the full URL,
but I just put uri() and args() together.

I suppose if your login.pl script could just place the current fields
passed in on the POST to the destination parameter passed to AuthCookie.
Then your script would get the parameters, they would just be a GET instead
of a POST.  Can be kind of ugly.



Bill Moseley
mailto:moseley@hank.org

Re: AuthCookie solution

Posted by Michael <mi...@bizsystems.com>.
> At 04:19 PM 11/15/00 -0500, Charles Day wrote:
> ># We added the line below to AuthCookie.pm
> 
> >$r->header_out("Location" => $args{'destination'}.$args{'args'});
> 
> Why pass a new argument?  Can't you just add the query string onto
> the destination field in your login.pl script?
> 
> Something like the untested:
> 
> my $uri   = $r->prev->uri;
> my $query = $r->prev->args;
> $uri      = "$uri?$query" if $query;
> 

a little off the subject, but close.....

it the pointer for login is a complete URL ie http://foo.com/login.pl
then the $r->prev-args; seem to get lost. There is real application 
for this sort of thing and I would like to figure out how to make it 
work. Any ideas why it does not?

Michael
Michael@Insulin-Pumpers.org