odd authetication situation

[Michael Robinton <mi...@bizsystems.com>]

I have a modperl handler that sets a cookie and does a redirect if the
cookie was not present. The redirected page eventually loads the same page
again. In addition, this page is called from a protected portion of the
site that requires Basic Auth.

When the redirect calls the mod_perl routine the second or "some"
subsequent times, $r->connection->user and $ENV{REMOTE_USER} are both
empty or non-existent yet the page does not appear to fail the
authentication request and executes and returns html.

The failure is repeatable though not consistently so, maybe 70% or more.

I'm scratching my head on this one. Any ideas??

Michael

Re: odd authetication situation

[Peter Bi <mo...@att.net>]

Maybe you can try to add specifically:
$r->connection->user('who_the_user_is') before the cookie access control
returns OK in the module. Note that some of the cookie authentication
modules are based on "access-only" control so $r->connection->user() can
return a value in late phases only if one assigns it at the first place.


Peter Bi

----- Original Message -----
From: "Michael Robinton" <mi...@bizsystems.com>
To: <mo...@perl.apache.org>
Sent: Wednesday, August 28, 2002 1:05 PM
Subject: odd authetication situation


>
> I have a modperl handler that sets a cookie and does a redirect if the
> cookie was not present. The redirected page eventually loads the same page
> again. In addition, this page is called from a protected portion of the
> site that requires Basic Auth.
>
> When the redirect calls the mod_perl routine the second or "some"
> subsequent times, $r->connection->user and $ENV{REMOTE_USER} are both
> empty or non-existent yet the page does not appear to fail the
> authentication request and executes and returns html.
>
> The failure is repeatable though not consistently so, maybe 70% or more.
>
> I'm scratching my head on this one. Any ideas??
>
> Michael
>
>