You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by will trillich <wi...@serensoft.com> on 2001/05/01 03:43:36 UTC
PerlAccessHandler -- struggling and drowning
Eeyore here, again, less happy than ever. S.O.S.
okay. i try to use the Ticket*.pm modules from the book
(chapter 6) verbatim and they work well for well-behaved
browsers.
to widen the workability (i.e. to make it functional for
badly-mannered browsers*) i'm trying some workarounds.
this is a PerlAccessHandler, which should check for the existence
of a cookie in the incoming headers, and if not there (or
expired) it should redirect the browser to a login area that
takes name/password pair, and if valid, would then return the
browser to the original URL. to do that, as we issue the
'redirect to the login area' we set a cookie containing the URL
to return to.
problem: some browsers see 'redirect' and ignore all other
headers, so the cookies aren't set. when the browser arrives at
the login area, there's no cookie to send there, to formulate
a return-to address from.
man CGI says 'we don't do http-equiv "meta" headers because you
can do those in header_out instead'. what's the politically
correct way to do this?
this also doesn't work (PerlAccessHandler)-- what would need to
be bent to make this function properly?
my $ticketTool = Apache::TicketTool->new($r);
#...
my $cookie = $ticketTool->make_return_address($r);
# (so we can get back to where user wanted to be)
my $login_uri = $r->dir_config("TicketLogin");
# instead of book's "ErrorDocument 403" example
use CGI '-autoload';
# note: PerlAccessHandler
print
header(-refresh => "1; URL=$login_uri", -cookie => $cookie),
start_html(-title => 'Redirecting to login', -bgcolor => 'white'),
h1('Please log in'),
p("You're being redirected to ",
a({-href=>$login_uri},$login_uri),
" in just a moment."),
h2("Please stand by..."),
end_html();
# return .... WHAT?
* note that the manners-ability of the browsers, being the
problem, is something i'm accepting on faith. if there's
another explanation (with a workaround that i might have a
chance at understanding) i'd love to hear it.
--
don't visit this page. it's bad for you. take my expert word for it.
http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html
will@serensoft.com
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
Re: PerlAccessHandler -- struggling and drowning
Posted by David Kenzik <da...@kenzik.com>.
will trillich said...
> problem: some browsers see 'redirect' and ignore all other
> headers, so the cookies aren't set. when the browser arrives at
> the login area, there's no cookie to send there, to formulate
> a return-to address from.
What percentage of 'some browsers' is your user base?
I do the following:
$r->err_headers_out() to set cookie for decent browsers
In my /Login routine, I check for the cookie that was set in
err_headers_out. If that cookie does not exist (bad browser), I go to the
Apache config and grab DEFAULT_LOGIN_URL, which is set via:
PerlSetVar DEFAULT_LOGIN_URL http://foo.com/bad_browsers/welcome.html
I then redirect to that location, and explain in that location why they
don't get to magically go where they are supposed to.
If this is a feature they REALLY want, then they can change browsers. But I
see that most people don't really care, and they just happily point and
click to the appropriate portion of the site.
Now, if you were using Apache::Session, this would probably be moot. You
could just add something special to your %session before the redirect in
your authhandler, and yank it out after the successful /Login and redirect
from it.
Hope this makes sense.
--
David S. Kenzik
david@kenzik.com - http://kenzik.com
Original Music - http://text.org