You should really have a look at Apache::AuthCookie. This module does
pretty much exactly what you are looking to build. I think it'll even
handle your guest logins.
If you are still keen on rolling your own module, this module will give
you some great hints on how to write an Authentication Handler...
Cees
On Sun, 18 Mar 2001, Issac Goldstand wrote:
> I've been self-debating a small issue for a small project that I'm
> developing, and thought I'd pass it on to see if I can get any
> feedback from the experts in the field: I have a pair of login/logout
> CGI scripts on a machine that I recently "bumped" from mod_cgi to
> mod_perl. They set/removed a cookie that as a key in Jeffery Baker's
> wonderful Apache::Session module, which I used as a base for my own
> authentication module (and if Jeffery is reading this, I'd love your
> feedback about it...). Now, since I am using mod_perl, I've set up my
> module to be pre-loaded to keep a persistant connection to my session
> database (the connections to the authentication [via user/password]
> database is only done in the login script). It seems to me that I
> _ought_ to try to squeeze a bit more out of mod_perl by assigning a
> handler during some stage of the server request to do the cookie
> authentication and then, instead of my scripts checking with the
> authentication module, I can set an %ENV variable with the
> authentication results, for later parsing by the scripts. So, firstly,
> where is the best place to put the handler? Logic would suggest the
> _authentication_ stage, of course, but I'm still a tiny bit too newbie
> too know exactly how I'd have to set up the .htaccess & ..htpasswd
> files, let alone what kind of response I have to send back to the
> server. (Links to the mod_perl Guide are fine for answering this. I
> have, truth to tell, not quite finished reading the whole thing, but I
> have people pressuring me to fix the login buisness which, as a result
> of moving to mod_perl, is now quite a mess so I'm doing the
> unthinkable and asking even though I have not read every bit of
> documentation :-}) Secondly, there are one or two scripts that have a
> "guest" login. The way this works, in short, is that authentication
> is pre-generated and coupled with other "challenge tokens", which are
> all passed as part of the URI. This would obviously have to bypass
> the "normal" login/authentication handlers. The solution which leaps
> to my head is doable, if a bit crude: make a special aliased
> directory for guest-login-related scripts (actually only the original
> authentication [eg, first request] has to be via URI; I can switch to
> normal cookie based beyond that). But I'd really like to hear what
> people who've been developing mod_perl 'application's for more then
> just a few weeks would say.
>
> Thanks,
> Issac
>
> BTW: For the experts here, I must say that I'm really impressed with the mod_perl
>mailing list in general. I find that I'm learning almost as much from here as I do
>from the guide and manpages, and I am most impressed at the general attitude towards
>newbies. I've been a newbie, and a regular, on many technical mailing lists, but
>almost never seen that John Q. Newbie got decent attention on most of them. I just
>felt that gratitude ought to be expressed where it is due.
>
> Internet is a wonderful mechanism for making a fool of
> yourself in front of a very large audience.
> --Anonymous
>
> Moving the mouse won't get you into trouble... Clicking it might.
> --Anonymous
>
> PGP Key 0xE0FA561B - Fingerprint:
> 7E18 C018 D623 A57B 7F37 D902 8C84 7675 E0FA 561B
>
--
Cees Hek
SiteSuite Corporation
[EMAIL PROTECTED]
