Hi! On Die, Aug 26, 2003 at 09:06:05 +1000, Charlie Garrison wrote:
> I need to protect resources in both the static (proxy) front-end and the > mod_perl back-end. I have been using standard http authentication which works > pretty well except for not allowing a proper logout function and some caching > issues which result in occasional false FORBIDDEN responses. Since a proper > logout has become an important requirement, I am looking for other solutions. Did you take a look at Apache::AuthCookie? http://search.cpan.org/author/MSCHOUT/Apache-AuthCookie-3.04/ > Since I need the user credentials in the mod_perl app, I'm not happy to leave > all authentication to the front-end proxy server unless it sets the user > credentials (or some other values) before passing along the request. As AuthCookie is a mod_perl handler, you would have to put the Authentification into the backend. Depending on how you generate the session key (i.e. the value of the Auth Cookie), you should be able to use the cookie in the frontend using one of the modules you mentioned (although I don't know any of them..) -- #!/usr/bin/perl http://domm.zsi.at for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/} -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html