You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Naaman Musawwir <na...@fourthhousesecurity.com> on 2002/11/15 04:45:41 UTC

mod_auth

Hi there,

I wanted to know about how this module keeps track of the logged in user. We always get the value of user in request_rec strucrure (r->user). If we store something manually in this structure that vanishes after serving the current request.

Thanks,
Naaman Musawwir.

Re: mod_auth

Posted by Naaman Musawwir <na...@fourthhousesecurity.com>.

>
> On Fri, 15 Nov 2002, Naaman Musawwir wrote:
> > Thanks. So, how can we keep track of any custom values? Cookies or
session.
> > Some useful API to maintain state for that?
>
> libapreq has some functions for manipulating cookies:
> http://httpd.apache.org/apreq/
>

Thanks again. I am modifying Apache module mod_proxy_http to intercept
request and do some operations. Current version of libreq could not be
installed with perl-5.8.0 and Apache-2.0.43. It worked for Apache 1.3.x and
older perl versions. I wondered if I can do this direcltly using Apache
APIs.

I am trying the list you specified.

> The question is really way too general to be answered, however.  And this
> isn't the right mailing list.  There is a list for apache module
> developers:
> http://modules.apache.org/subscribe#API
> But I don't know if it is active.
>
> Joshua.
>

Re: mod_auth

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 15 Nov 2002, Naaman Musawwir wrote:
> Thanks. So, how can we keep track of any custom values? Cookies or session.
> Some useful API to maintain state for that?

libapreq has some functions for manipulating cookies:
http://httpd.apache.org/apreq/

The question is really way too general to be answered, however.  And this
isn't the right mailing list.  There is a list for apache module
developers:
http://modules.apache.org/subscribe#API
But I don't know if it is active.

Joshua.

Re: mod_auth

Posted by Naaman Musawwir <na...@fourthhousesecurity.com>.


> On Fri, 15 Nov 2002, Naaman Musawwir wrote:
> > I wanted to know about how this module keeps track of the logged in
> > user. We always get the value of user in request_rec strucrure
> > (r->user). If we store something manually in this structure that
> > vanishes after serving the current request.
>
> It doesn't.  HTTP is stateless.  The client keeps track of it and sends
> the userid and password in the HTTP request headers with each and every
> request.  Apache reads it and shoves it in the request_rec.

Thanks. So, how can we keep track of any custom values? Cookies or session.
Some useful API to maintain state for that?

>
> See: http://httpd.apache.org/docs/howto/auth.html#basic
>
> Joshua.
>

Re: mod_auth

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 15 Nov 2002, Naaman Musawwir wrote:
> I wanted to know about how this module keeps track of the logged in
> user. We always get the value of user in request_rec strucrure
> (r->user). If we store something manually in this structure that
> vanishes after serving the current request.

It doesn't.  HTTP is stateless.  The client keeps track of it and sends
the userid and password in the HTTP request headers with each and every
request.  Apache reads it and shoves it in the request_rec.

See: http://httpd.apache.org/docs/howto/auth.html#basic

Joshua.