You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by "Dami Laurent (PJ)" <la...@justice.ge.ch> on 2008/06/20 08:27:34 UTC
wrote Authen module dealing with cookies : now POST requests get corrupted. Any advice ?
Hi everybody,
I recently wrote an extension to Apache2::AuthenNTLM in order to store
the NTLM authentified username in a cookie (module
http://search.cpan.org/dist/Apache2-AuthenNTLM-Cookie/).
Now I found out that this module has a critical bug : the content of
POST requests gets corrupted (bug
http://rt.cpan.org/Ticket/Display.html?id=36847).
I don't really know where to start to fix the bug. My hypothesis is that
perhaps this is because I'm using Apache2::Cookie, which itself uses
libaprequest, and maybe these modules are not meant to be used in an
early Apache phase, and leave the input stream in an buggy state. I
looked at a couple of other authentication modules using cookies, but
they don't seem to use the Apache2::Cookie API.
Is that the hypothesis correct ? Does anybody have good advice on that
problem ?
Thanks in advance,
Laurent Dami
Re: wrote Authen module dealing with cookies : now POST requests
get corrupted. Any advice ?
Posted by Adam Prime <ad...@utoronto.ca>.
Dami Laurent (PJ) wrote:
> Hi everybody,
>
> I recently wrote an extension to Apache2::AuthenNTLM in order to store
> the NTLM authentified username in a cookie (module
> _http://search.cpan.org/dist/Apache2-AuthenNTLM-Cookie/_).
>
> Now I found out that this module has a critical bug : the content of
> POST requests gets corrupted (bug
> _http://rt.cpan.org/Ticket/Display.html?id=36847_).
>
> I don't really know where to start to fix the bug. My hypothesis is that
> perhaps this is because I'm using Apache2::Cookie, which itself uses
> libaprequest, and maybe these modules are not meant to be used in an
> early Apache phase, and leave the input stream in an buggy state. I
> looked at a couple of other authentication modules using cookies, but
> they don't seem to use the Apache2::Cookie API.
>
> Is that the hypothesis correct ? Does anybody have good advice on that
> problem ?
There is a lot of code on CPAN using libapreq and/or Apache2::Cookie in
every phase, so I very seriously doubt that that's a problem. The first
thing i'd do in your situation would be to make sure that the bug
doesn't exist in Apache2::AuthenNTLM, to confirm it's actually specific
to you're extention.
Telling us what exactly 'gets corrupted' means might help too (ie
error_log details, or whatever you're seeing).
Adam