[MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https

[Barry Hoggard <ba...@tristanmedia.com>]

I have Apache::AuthCookie 3.06 working fine with just http under this 
setup:

httpd-2.0.53
mod_perl-2.0.0-RC4

However, when I redirect to https for the login page, $r->prev is now 
empty, so I don't have these values for my form:

$r->prev->uri
$r->prev->args
$r->prev->subprocess_env("AuthCookieReason")


What is the best way to do this?  I would prefer for the login page to 
be in https, and not just submit to https.  I'm using Apache::Session 
as well, but I don't know if there is a way to make sure that stuff 
gets into the session before I redirect to https.



Barry Hoggard

Re: [MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https

[Barry Hoggard <ba...@tristanmedia.com>]

On Apr 5, 2005, at 3:00 AM, Torsten Foertsch wrote:

> On Tuesday 05 April 2005 00:59, Barry Hoggard wrote:
>
> If I understood you properly you are redirecting the browser from a 
> HTTP
> request to HTTPS. This involves browser interaction and is not an
> internal redirect. prev() however works only with internal redirects,
> e.g. $r->internal_redirect, ErrorDocument, CGI script emitting only a
> "Location" header, ...
>
> Since HTTP is a stateless protocol there is no other way of maintaining
> state then transferring information from the server to the browser and
> back. This is what cookies are made for.

Yes, that is correct.  I was assuming I should put something into my 
session, but I wasn't sure where in the handling phase to do it.

I am using Apache::SessionManager.  What is the best place in the 
request lifecycle to do that session update?  I haven't really used 
anything other than Access/Authen/Authz and Response handlers.  Would 
this be a PerlFixupHandler or a PerlTransHandler, or is something else 
preferred?


Barry Hoggard

Re: [MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https

[Torsten Foertsch <to...@gmx.net>]

On Tuesday 05 April 2005 00:59, Barry Hoggard wrote:
> I have Apache::AuthCookie 3.06 working fine with just http under this
> setup:
>
> httpd-2.0.53
> mod_perl-2.0.0-RC4
>
> However, when I redirect to https for the login page, $r->prev is now
> empty, so I don't have these values for my form:
>
> $r->prev->uri
> $r->prev->args
> $r->prev->subprocess_env("AuthCookieReason")
>
>
> What is the best way to do this?  I would prefer for the login page
> to be in https, and not just submit to https.  I'm using
> Apache::Session as well, but I don't know if there is a way to make
> sure that stuff gets into the session before I redirect to https.

If I understood you properly you are redirecting the browser from a HTTP 
request to HTTPS. This involves browser interaction and is not an 
internal redirect. prev() however works only with internal redirects, 
e.g. $r->internal_redirect, ErrorDocument, CGI script emitting only a 
"Location" header, ...

Since HTTP is a stateless protocol there is no other way of maintaining 
state then transferring information from the server to the browser and 
back. This is what cookies are made for.

Torsten