You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Jeff Sheffield <js...@buzzard.kdi.com> on 2001/01/05 21:48:12 UTC

mod_perl 1.24_01 Cookie Problem..?? Was: Apache::AuthCookieDBI BEGIN problems...??

Ok switching parameter order from this
> PerlModule Apache::AuthCookieDBI
> PerlSetVar WhatEverDBI_SecretKeyFile /www/domain.com/test.key
to
PerlSetVar WhatEverDBI_SecretKeyFile /opt/apache/whiteboard.net/80/conf/WhatEver
PerlModule Apache::AuthCookieDBI
did fix the problem that DBI_SecretKeyFile was not getting read.
Thanks Jacob.

Now everything seems to work correctly except the 
actual cookie is not being set.

Note: I have PerlSetVar AuthCookieDebug 3 and I am seeing this in the
logs.

--------
[Fri Jan  5 13:57:49 2001] [error] credential_0 jeff
[Fri Jan  5 13:57:49 2001] [error] credential_1 foobarbazz
[Fri Jan  5 13:57:50 2001] [error] Set-Cookie Apache::AuthCookieDBI_WhatEver=jeff:2001-01-05-13-57-50:2001-01-05-14-02-50:fc917dfdb5915a47a85309f716bf715b;
path=/; domain=.jeff
[Fri Jan  5 13:57:50 2001] [error] auth_type Apache::AuthCookieDBI
[Fri Jan  5 13:57:50 2001] [error] auth_name WhatEver
[Fri Jan  5 13:57:50 2001] [error] ses_key_cookie 
[Fri Jan  5 13:57:50 2001] [error] uri /mailing-list
[Fri Jan  5 14:18:07 2001] [error] auth_type Apache::AuthCookieDBI
[Fri Jan  5 14:18:07 2001] [error] auth_name WhatEver
[Fri Jan  5 14:18:07 2001] [error] ses_key_cookie 
[Fri Jan  5 14:18:07 2001] [error] uri /mailing-list
------

Also note: I added the Set-Cookie log info so that you could see what cookie
I am passing.
Is that an invalid formatt..??

I saw James's email
>Specifically, my perl scripts before mod_perl would pass a cookie back
>and forth with the users name and password - so that each script, when
>called, would check for the cookie to see if the user is logged in and if not
>redirect to a login page, if they are logged in then display the
>requested page.

>Now that I have mod_perl installed I cannot pass any cookies like I
>used to. I have not changed any scripts [yet] and all use DBI connections to a
>postgres DB.

>I looked through the guide and searched the maillist archive but did
>not find much info to help with this.
>I also tried to install Apache::AuthCookieDBI, but documentation is
>very limited for that and never could get it right.
and that got me to thinking maby this is a mod_perl  1.24_01 problem.
because I am experiencing the same sort of thing.

Jeff




On Thu, Jan 04, 2001 at 04:06:01PM -0800, Jacob Davies wrote:
> On Wed, Jan 03, 2001 at 12:02:15AM -0600, Jeff Sheffield wrote:
> > I am ashamed ... I twitled with the shiny bits.
> > my $auth_name = "WhatEver";
> > $SECRET_KEYS{ $auth_name } = "thisishtesecretkeyforthisserver";
> > ### END MY DIRTY HACK
> > Note that without MY DIRTY LITTLE HACK it does not set those two
> > variables. I am/was pretty sure that this somehow relates to
> > "StackedHandlers"
> 
> I believe the problem is a known documentation bug with the module.  I need
> to fix the docs and make a new release (have been meaning to for, oh,
> five months now) but I no longer work at the place that originally paid
> me to write the module and haven't had a chance so far.  I have a few other
> patches to integrate too.  I believe your specific problem stems
> from having the:
> 
> PerlModule Apache::AuthCookieDBI
> 
> line before the
> 
> PerlSetVar WhatEverDBI_SecretKeyFile /www/domain.com/test.key
> 
> line in the server config file.  Yes, the documentation has it the wrong
> way around.  The reason is that the server reads this configuration
> directive at module load time (i.e. with PerlModule, at server start time
> when it's still running as root) so that it can preload the secret keys
> from files on disk.  You want those files to be root-owned and only
> readable by root, which is why it does it at start time.  Try putting
> all your DBI_SecretKeyFile directives before the PerlModule line and
> see if that fixes your problem.
> 
> It should give better diagnostics when this problem comes up, I need to
> fix that.  Right now I don't even have this module running anywhere, but
> I will install it again on my home machine at least, for testing.
> 
> Hopefully I will have a new release and an announce notice for this out
> soon.
> 
> -- 
> Jacob Davies
> jacob@well.com
Thanks, 
Jeff

---------------------------------------------------
| "0201: Keyboard Error.  Press F1 to continue."  |
|                          -- IBM PC-XT Rom, 1982 |
---------------------------------------------------
| Jeff Sheffield                                  |
| jeff@jspot.org                                  |
| AIM=JeffShef                                    |
---------------------------------------------------