thanks one and all for the pointers on cookies. i probably grok
738% more than i did, but i have a feeling it's still only 13% of
the pie. or in this case, cookie...
so how's this PerlAccessHandler, for twisted logic? hole-punching
and pitfall-warning equally welcome:
#httpd.conf
PerlAccessHandler My::TrollUnderTheBridge
PerlHandler Something::OrOther
#perl
package My::TrollUnderTheBridge;
sub handler {
my $r = shift;
if ( &logging_in($r) ) {
my $h = $r->get_handlers( 'PerlHandler' );
unshift @{$h},\&checkUser ; # do &checkUser first
$r->set_handlers( PerlHandler => $h );
} elsif ( &needs_login($r) ) {
$r->set_handlers( PerlHandler => [ \&login ] );
# return AUTH_REQUIRED; or not ?
}
return OK;
}
sub checkUser {
my $r = shift;
if ( &bad_passwd( $r ) ) {
# generate html for username/password login screen, again
&login( $r );
# we handled it, other handlers won't be called (right?)
return OK;
} else {
$r->headers_out->add( 'Set-Cookie' => &make_ticket( $r ) );
# let normal handler do its thing
return DECLINED;
}
}
so i can keep the same url for all three stages, with no need for
preliminary cookies:
3. valid ticket -> show web pages
else
2. validate user/pass -> make ticket & show pages
else
1. login -> get user/pass
is this sound? or am i fuxnored?
--
but then from within &login() i'd like to be able to abort, like
so--
