>From: Brian Reichert
>Ok, I'm confused: the cookies are already in the request header,
>and you want to 'convert' them into a request header?
Well, yes. Two reasons:
1) In the real production environment, the cookie is encrypted and validated against a database with each request. My app knows nothing about the cookie. All it ever sees is the request headers.
2) I wanted to use a cookie simply because it's the easiest way to dynamically control the contents of the headers to be sent, and the easiest way I could think of that would work with a "login" page.
I assumed people would think it was an odd request, but it does make sense :)
>From: Juha-Mikko Ahonen
>Why name NAME to HTTP_NAME? Or do you want the cookie content to appear
>in subprocess environment (which has similar naming convention), like
>other server variables?
Actually, this was an oversight, I'm used to CGI!!
>> 2. Writing some sample code :)
>package Your::SSOHandler;
Thank you! This is exactly the kind of example I needed. Will test ASAP, and adjust to fit my specific needs. I'm quite familiar with Perl, it's mainly the API's that I'm clueless about. Your code makes sense and at least points me in exactly the right direction.
>For testing you could make the handler module stat and evaluate contents
>of an external Perl file. Put your code on the file to be evaluated,
>and avoid restarts.
True, that would work also, but it would still require modifying a file each time.
With this cookie solution, I can create a fake "login" page which will set the appropriate cookies in _javascript_ and also allow for simulating "logout" by clearing the cookie.
Matt
