Hann, Brian wrote:
Actually I think I got it, but thanks for the tip on $r->prev->notes. I'll have to give it a try. And yes, I've been poring over the cookbook for most of the day :)
:)
Here's what I ended up doing: When I hit a place in my authen module that required me to do:
$r->note_basic_failure; return AUTH_REQUIRED;
I would instead do:
$r->handler('perl-script'); $r->set_handlers('PerlHandler' => ['AuthFailure']); return OK;
this seems really strange. I think I'd rather see a call to custom_response() to set up the error processing rather than short-circuiting the API.
Then in AuthFailure I have this:
$r->note_basic_auth_failure; $r->content_type('text/html; charset=ISO-8859-1'); $r->status(401);
you shouldn't ever set the status of the the request - it mucks up Apache's internal ErrorDocument cycle. I wouldn't be surprised if the results of all this, in a test via telnet, didn't show something suspicious (like "Additionally, the server encountered a 401..." or something).
$r->send_http_header;
So far it seems to be working fine, and my notes() are coming across.
well, if it works, then... :)
but reconsider the design a bit - I'm sure you can do what you want using the typical API formula. after all, using the authentication phase for authentication is why the phase is there: there should be no need to set up WWW-Authenticate headers from the content phase.
HTH
--Geoff