You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Barry Hoggard <ba...@tristanmedia.com> on 2005/04/05 00:59:39 UTC
[MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https
I have Apache::AuthCookie 3.06 working fine with just http under this
setup:
httpd-2.0.53
mod_perl-2.0.0-RC4
However, when I redirect to https for the login page, $r->prev is now
empty, so I don't have these values for my form:
$r->prev->uri
$r->prev->args
$r->prev->subprocess_env("AuthCookieReason")
What is the best way to do this? I would prefer for the login page to
be in https, and not just submit to https. I'm using Apache::Session
as well, but I don't know if there is a way to make sure that stuff
gets into the session before I redirect to https.
Barry Hoggard
Re: [MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https
Posted by Barry Hoggard <ba...@tristanmedia.com>.
On Apr 5, 2005, at 3:00 AM, Torsten Foertsch wrote:
> On Tuesday 05 April 2005 00:59, Barry Hoggard wrote:
>
> If I understood you properly you are redirecting the browser from a
> HTTP
> request to HTTPS. This involves browser interaction and is not an
> internal redirect. prev() however works only with internal redirects,
> e.g. $r->internal_redirect, ErrorDocument, CGI script emitting only a
> "Location" header, ...
>
> Since HTTP is a stateless protocol there is no other way of maintaining
> state then transferring information from the server to the browser and
> back. This is what cookies are made for.
Yes, that is correct. I was assuming I should put something into my
session, but I wasn't sure where in the handling phase to do it.
I am using Apache::SessionManager. What is the best place in the
request lifecycle to do that session update? I haven't really used
anything other than Access/Authen/Authz and Response handlers. Would
this be a PerlFixupHandler or a PerlTransHandler, or is something else
preferred?
Barry Hoggard
Re: [MP2] Using Apache::AuthCookie with $r->prev when login is a redirect to https
Posted by Torsten Foertsch <to...@gmx.net>.
On Tuesday 05 April 2005 00:59, Barry Hoggard wrote:
> I have Apache::AuthCookie 3.06 working fine with just http under this
> setup:
>
> httpd-2.0.53
> mod_perl-2.0.0-RC4
>
> However, when I redirect to https for the login page, $r->prev is now
> empty, so I don't have these values for my form:
>
> $r->prev->uri
> $r->prev->args
> $r->prev->subprocess_env("AuthCookieReason")
>
>
> What is the best way to do this? I would prefer for the login page
> to be in https, and not just submit to https. I'm using
> Apache::Session as well, but I don't know if there is a way to make
> sure that stuff gets into the session before I redirect to https.
If I understood you properly you are redirecting the browser from a HTTP
request to HTTPS. This involves browser interaction and is not an
internal redirect. prev() however works only with internal redirects,
e.g. $r->internal_redirect, ErrorDocument, CGI script emitting only a
"Location" header, ...
Since HTTP is a stateless protocol there is no other way of maintaining
state then transferring information from the server to the browser and
back. This is what cookies are made for.
Torsten