I'm having some troubles with a system I am writing. The system uses
the Ticket system from the Eagle book, with some minor modifications.
I have also created a "logout" module, which SHOULD delete the person's
cookie and redirect them to the main page (where they should be
re-directed by the Ticket system to a login screen as the cookie is
gone).
Currently, it isn't working. I had it "working" (click "Log Out" and
you got sent to the login screen), but I noticed that the cookie wasn't
deleted, and that I could type the correct URL (non Ticket redir url)
into the browser and I was back in! This is obviously not a good thing!
I placed a bunch of "print STDERR" statements in it and what I see now
in the log (after editing to try and make it correctly delete the
cookie) is the logout module processes correctly, the "action" does get
re-set to "view". . . and then it re-runs the logout module! Maybe I'm
not using the correct Apache return name (DONE, OK, DECLINED, etc.)? or
maybe I'm just totally screwing up the cookie re-make.
Can anyone take a moment and review this code to see what this beginner
has fouled up?
Modified TicketAccess.pm:
#######################################################
package FES::Apache::TicketAccess;
use strict;
use Apache::Constants qw(:common);
use FES::Apache::TicketTool ();
sub handler {
my $r = shift;
my %input = $r->args; # for
checking input items
my $ticketTool = FES::Apache::TicketTool->new($r);
my($result, $msg) = $ticketTool->verify_ticket($r);
unless ($result) {
$r->log_reason($msg, $r->filename);
my $cookie = $ticketTool->make_return_address($r);
$r->err_headers_out->add('Set-Cookie' => $cookie);
return FORBIDDEN;
}
## Here is where I added a push_handler insert.
my $action = defined $input{'act'} ? $input{'act'} : 'view';
if ($action eq 'logout') {
$r->push_handlers('PerlHandler' => 'FES::Control::Logout');
return OK;
} elsif ($action eq 'view') {
$r->push_handlers('PerlHandler' => 'FES::Control::View');
return OK;
} else {
$r->push_handlers('PerlHandler' => 'FES::Control::View');
return OK;
}
}
1;
##################################################
And the Logout module hit by clicking a link built as
<a href="/fes?act=logout">Log Out</a>
################################################
package FES::Control::Logout;
use strict;
use Apache;
use Apache::Constants qw(:common);
use CGI::Cookie;
sub handler {
my $r = shift;
my $q = new CGI;
my $ticket = _get_ticket('r' => $r);
## These next two lines are to re-make the two cookies set
## by the Ticket system from the Eagle book to expiration dates
## from before today, thus deleting them (I wish!)
my $cookie1 = new
CGI::Cookie(-name=>'Ticket',-value=>undef,
-expires=>'-100m');
my $cookie2 = new
CGI::Cookie(-name=>'request_uri',-value=>undef,
-expires=>'-100m');
$r->header_out('Set-Cookie',[$cookie1,$cookie2]);
$r->internal_redirect("/fes");
return OK;
}
sub _get_ticket {
my $args = {
'r' => undef,
@_
};
my $r = $args->{'r'};
my %cookies = fetch CGI::Cookie;
my %ticket = $cookies{'Ticket'}->value;
return \%ticket;
}
1;
##############################################3
I have tried switching from CGI::Cookie to Apache::Cookie (and modifying
the commands to suit) - no luck. Same thing.
Can anyone see something obvious that I am doing wrong? I realized that
this is probably a "newbie" question, but I could use the help. I have
re-written the Logout.pm a dozen times, to no avail.
--Jon Robison
