Expiring the cookie works well for me. Here's what I have:

sub handler {

    [ ... ]

    if ($r->uri =~ /logout/) {
        if (my $cookie = destroy_cookie($r)) {
            return logout_screen($r);
        } else {
            return 500;
        }
    }

    [ ... ]

}

sub destroy_cookie {
    my $r = shift;
    
    # you may or may not be using this
    my $auth_domain = $r->dir_config('Auth_Domain');
     
    my $cookie =  Apache::Cookie->new(
        $r,
        expires => "-24h",
        domain  => $auth_domain,
        name    => 'auth', # whatever you've called it
        path    => '/',
        value   => ''
    );
       
    $cookie->bake;
    return $cookie;
}

sub logout_screen {

    [ ... ]

}

1;


~~~~~~~~~~~
Nick Tonkin

On Tue, 27 Nov 2001, Jon Robison wrote:

> I have created a login system using the wonderful Ticket system from the
> Eagle book.  I have modified TicketAccess so that after authentication,
> it reviews the arguments in the query string and does push_handler, the
> handler being chosen based on the args.
> 
> My only problem is that I want to provide the users with a logout button
> which will delete the cookie from their browser, yet I cannot find how!
> I have reviewed every module on my system with 'Cookie' in the name
> (Apache::Cookie, CGI::Cookie, etc.) and nowhere does it tell how to do
> this. There is a small mention of changing the expiration to < 0, but
> apparently I am doing it wrong (possible confusing point is the use of
> an 'expires' value in the cookie itself, separate, I think, from the
> 'expires' attribute on the cookie?)
> 
> I know it is a lot to ask, but I am relatively new to this part of
> mod_perl (pushing handlers, etc.), so if anyone can look at this and
> replace my BLOCKED comments with a couple of helpful lines, I would
> greatly appreciate it! 
> 
> Thanks in advance - 
> 
> Jonathon Robison
> 
> 
> Below is my modified TicketAccess, as well as the Logout module I am
> re-directing to for logout action:
> =========================================================
> package FES::Apache::TicketAccess;
> 
> use strict;
> use Apache::Constants qw(:common);
> use FES::Apache::TicketTool ();
> 
> sub handler {
>     my $r = shift;
>               my %input = $r->args;                                                  
>                                 # for checking input items
>     my $ticketTool = FES::Apache::TicketTool->new($r);
>     my($result, $msg) = $ticketTool->verify_ticket($r);
>     unless ($result) {
>                       $r->log_reason($msg, $r->filename);
>                       my $cookie = $ticketTool->make_return_address($r);
>                       $r->err_headers_out->add('Set-Cookie' => $cookie);
>                       return FORBIDDEN;
>     }
>               ## Here is where we need to insert a push_handler insert. I won't need
>               ## the requested uri from the $r, since the $r goes along for the ride
>               ## in push_handler
> 
>               my $action = defined $input{'act'} ? $input{'act'} : 'view';
> 
>               print STDERR "action is defined as $action\n";  ## DEBUGGING
> 
>               if ($action eq 'logout')  {
>                       $r->push_handlers('PerlHandler' => 'FES::Control::Logout');
>                       return OK;
>               } elsif ($action eq 'view') {
>                       $r->push_handlers('PerlHandler' => 'FES::Control::View');
>                       return OK;
>               }       else {
>                       $r->push_handlers('PerlHandler' => 'FES::Control::View');
>                       return OK;
>               }
>            ## ARE THOSE THE CORRECT THINGS TO 'RETURN' FOR THESE CASES?
>  
> }
> 
> 1;
> ==============================================================
> 
> And the Logout.pm:
> 
> =============================================================
> package FES::Control::Logout;
> 
> use strict;
> use Apache;
> use Apache::Constants qw(:common);
> use FES::Common::Common qw( header footer);
> use CGI qw/:standard/;
> use CGI::Cookie;
> 
> sub handler {
>       my $r = shift;
>       my $q = new CGI;
>       my $ticket = _get_ticket('r' => $r);
> 
> ## HERE IS WHERE I NEED TO 1.) DELETE USER'S TICKET COOKIE AND
> ##                         2.) REDIRECT THEM TO "/FES" (w/o bringing old $r),
> ##                             (WHERE THEY SHOULD GET A NEW LOGIN SCREEN
> ##                             BECAUSE COOKIE IS GONE.)
> 
> }
> 
> sub _get_ticket {
>       my $args = {
>               'r' => undef,
>               @_
>               };
>       my $r = $args->{'r'};
>       my %cookies = CGI::Cookie->parse($r->header_in('Cookie'));            
> # TESTING
>       my %ticket = $cookies{'Ticket'}->value;      # TESTING
>       return \%ticket;
> }
> 
> 1;
> =====================================================
> 
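
Added example, not part of either message: a standalone script using CGI::Cookie (which Logout.pm already loads) that separates the two 'expires' the question mentions. The cookie's Expires attribute tells the browser to discard the cookie, while an 'expires' field inside the ticket value is what the server checks. The ticket layout (user, time, expires in minutes), the helper names and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread); ticket fields and values are constructed.
use strict;
use warnings;
use CGI::Cookie;

# Assumed ticket layout: a key/value list carrying its own 'time' and
# 'expires' (minutes) fields inside the cookie *value*.
sub issue_ticket_cookie {
    my %ticket = @_;
    return CGI::Cookie->new(
        -name  => 'Ticket',
        -path  => '/',
        -value => \%ticket,
    );
}

# Logout: same name and path as the cookie being removed, an empty value,
# and an Expires *attribute* in the past so the browser discards its copy.
sub logout_cookie {
    return CGI::Cookie->new(
        -name    => 'Ticket',
        -path    => '/',
        -value   => '',
        -expires => '-24h',
    );
}

# Server-side lifetime check on the ticket's own fields. The logout cookie
# does not change this: only the browser's stored copy is dropped.
sub ticket_is_fresh {
    my ($ticket, $now) = @_;
    return ($now - $ticket->{time}) / 60 < $ticket->{expires};
}

my $now    = time;
my $issued = issue_ticket_cookie(user => 'jon', time => $now, expires => 30);
print "Set-Cookie: ", $issued->as_string, "\n";          # login
print "Set-Cookie: ", logout_cookie()->as_string, "\n";  # logout

# What the server parses when a copy of the issued cookie is sent back.
my ($pair)  = split /;\s*/, $issued->as_string;   # keep only name=value
my %cookies = CGI::Cookie->parse($pair);
my %ticket  = $cookies{'Ticket'}->value;
printf "ticket 'expires' field: %s min; passes lifetime check: %s\n",
    $ticket{expires}, ticket_is_fresh(\%ticket, $now + 60) ? 'yes' : 'no';
```

In a handler the logout cookie can be sent the same way TicketAccess sends its return-address cookie, with $r->err_headers_out->add('Set-Cookie' => ...). A ticket value that was copied before logout still passes the lifetime check until its own 'expires' runs out, so revoking it early needs server-side state.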
