Posted to modperl@perl.apache.org by Angie Ahl <al...@vertebrate.co.uk> on 2004/05/11 21:14:27 UTC

Apache::AuthDBI

Hi people.

I'm trying to find a way to allow users to log out of a realm based 
site (i.e. using basic authentication).

I've read it can't be done, but I'm stubborn and think I may possibly 
have a way around it (for my needs anyway).

I'm using PerlAuthenHandler Apache::AuthDBI::authen

I'd like to make a logout button in the form of 
username:wrongpw@domain.dom .

As the password is wrong it will trigger the realm dialog.

Now what I'd like to try and do is this:

Catch failed attempts to AuthDBI::authen AND if the realm password was 
wrongpw
- redirect them to a logged out page.

If I've worked this out right the next time they go to the realm 
protected area they'll be prompted for a un/pw again.

Sounds reasonable. Anyone know how, or which manual I should go read?

Or anyone got an already invented wheel I could take a look at ;)

Cheers

Angie


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html


RE: Apache::AuthDBI

Posted by Jeff <mo...@aquabolt.com>.
> -----Original Message-----
> From: Perrin Harkins [mailto:perrin@elem.com] 
> Sent: 11 May 2004 21:35
> To: Angie Ahl
> Cc: Modperl List
> Subject: Re: Apache::AuthDBI
> 

> You can send the failure status code along with content of your choice
> (i.e. do an internal redirect or just send the file yourself), but some
> browsers (read IE) may not display your custom content.
> 

IE will display your content if it is over a certain size - can't 
remember exactly how big, but we add an invisible HTML comment in 
all error docs to bring the size over 4K - then IE does display them.

Regards

Jeff




Re: Apache::AuthDBI

Posted by Perrin Harkins <pe...@elem.com>.
On Tue, 2004-05-11 at 15:14, Angie Ahl wrote:
> Now what I'd like to try and do is this:
> 
> Catch failed attempts to AuthDBI::authen AND if the realm password was 
> wrongpw
> - redirect them to a logged out page.
> 
> If I've worked this out right the next time they go to the realm 
> protected area they'll be prompted for a un/pw again.

I think that will only happen if you send a status code indicating that
the auth was denied, meaning that you won't be able to send a redirect. 
If you accept the auth (by not sending an auth failure code), the
browser will keep sending it until it is shut down.

You can send the failure status code along with content of your choice
(i.e. do an internal redirect or just send the file yourself), but some
browsers (read IE) may not display your custom content.

- Perrin
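
The approach discussed above, sketched as an added example (not code from any poster in this thread): a mod_perl 1 authen handler that answers the logout sentinel with a 401 plus a custom page and hands every other request to `Apache::AuthDBI::authen`. The package name `My::LogoutAuthen` and the page URI are assumptions; it would be installed with `PerlAuthenHandler My::LogoutAuthen` in place of `Apache::AuthDBI::authen`.

```perl
package My::LogoutAuthen;    # hypothetical module name

use strict;
use warnings;

use Apache::Constants qw(OK AUTH_REQUIRED);
use Apache::AuthDBI ();

# Assumptions (not from the thread): the page URI below. The sentinel is the
# "wrongpw" value from the original question. No real account may use the
# sentinel as its password, and the page must sit outside the protected
# realm so it can be served without credentials.
my $LOGOUT_SENTINEL = 'wrongpw';
my $LOGGED_OUT_PAGE = '/public/logged_out.html';

sub handler {
    my $r = shift;

    # Decode the Authorization header. If no Basic credentials were sent,
    # this returns a non-OK status that is passed straight back to Apache.
    my ($rc, $sent_pw) = $r->get_basic_auth_pw;
    return $rc unless $rc == OK;

    if (defined $sent_pw && $sent_pw eq $LOGOUT_SENTINEL) {
        # Deny the auth so the browser has a reason to stop replaying the
        # old credentials. Accepting it and redirecting would leave them
        # cached until the browser is shut down.
        $r->note_basic_auth_failure;    # sets WWW-Authenticate
        $r->custom_response(AUTH_REQUIRED, $LOGGED_OUT_PAGE);
        return AUTH_REQUIRED;
    }

    # Every other request goes through the stock database check.
    return Apache::AuthDBI::authen($r);
}

1;
```

Whether the browser then discards its cached credentials is up to the browser, as other replies in this thread report. The logged-out page also needs to exceed the size threshold mentioned elsewhere in the thread for IE to display it.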




Re: Apache::AuthDBI

Posted by Charlie Garrison <ga...@zeta.org.au>.
Good afternoon,

On 11/5/04 at 8:14 PM +0100, Angie Ahl <al...@vertebrate.co.uk> wrote:

>I'm trying to find a way to allow users to log out of a realm based 
>site (i.e. using basic authentication).
> [...]
>I'd like to make a logout button in the form of 
>username:wrongpw@domain.dom .

I used to use a technique like that, but I found out (the hard way) that it
depends too heavily on browsers doing what you expect, and many of them don't. 

I had problems including:

- browser would not ask user for new credentials (after logging out), so it 
  became impossible to log in again (without quitting browser)
- browser would quietly send 'old' credentials when needed later, so user was 
  not really logged out; next user could hijack their login
- confusing for users (mostly due to browsers not performing as expected)

I suggest using one of the other script based login techniques. I like
AuthTicket since it also works for requests on frontend (non modperl) server.


Charlie

-- 
   Charlie Garrison  <ga...@zeta.org.au>
   PO Box 141, Windsor, NSW 2756, Australia
