will trillich said...
> problem: some browsers see 'redirect' and ignore all other
> headers, so the cookies aren't set. when the browser arrives at
> the login area, there's no cookie to send there, to formulate
> a return-to address from.
What percentage of 'some browsers' is your user base?
I do the following:
$r->err_headers_out() to set cookie for decent browsers
In my /Login routine, I check for the cookie that was set in
err_headers_out. If that cookie does not exist (bad browser), I go to the
Apache config and grab DEFAULT_LOGIN_URL, which is set via:
PerlSetVar DEFAULT_LOGIN_URL http://foo.com/bad_browsers/welcome.html
I then redirect to that location, and explain in that location why they
don't get to magically go where they are supposed to.
If this is a feature they REALLY want, then they can change browsers. But I
see that most people don't really care, and they just happily point and
click to the appropriate portion of the site.
Now, if you were using Apache::Session, this would probably be moot. You
could just add something special to your %session before the redirect in
your authhandler, and yank it out after the successful /Login and redirect
from it.
Hope this makes sense.
--
David S. Kenzik
[EMAIL PROTECTED] - http://kenzik.com
Original Music - http://text.org
