Peter wrote:
> Maybe you can try to add specifically:
> $r->connection->user('who_the_user_is') before the cookie access control
> returns OK in the module. Note that some of the cookie authentication
> modules are based on "access-only" control so $r->connection->user() can
> return a value in late phases only if one assigns it at the first place.
Point of clarification...
The authentication I'm writing about is BASIC AUTHENTICATION. apache takes
care of all of that. It appears as though the client is not sending it,
but I don't know why ... and if not, how it manages to pass the
authentication portion of the apache request loop.
the example I'm using does the following:
.htaccess
AuthType Basic
AuthName MagicName
AuthUserFile
/home/web/public_html/cgi/private/user.access
require valid-user
scriptA.plx ->redirect to scriptB.plx
scriptB.plx ->redirect to scriptA.plx CONDITIONALLY
if the CONDITION is met, the redirect is not done
i.e. cookie present + "user" present
what happens.. scriptA always has ENV{REMOTE_USER} and
$r->connection->user valid
scriptB rarely has them both valid
either script can set the same cookie if it is not present.
The cookie is always present for scriptA and usually but not always
present for scriptB
WHY???
Michael
